General
Target: RGDWPBDPM728HJNS5053.js
Size: 13KB
Sample: 220202-kd6g1ahgh5
MD5: c5ec831cc7614d4c4788432f4ab26c2a
SHA1: 96118b4a23d05f840d4fe8094b3653a9edef2393
SHA256: 8f5181621b7256b4db75d16e9f99a6e696155f0b516b01177b67d5ad23acfe3f
SHA512: 9f92b9cee92a51f5f868147742ff9d1bde95065921a1f71810997abfb95ac3cd1fc9c1b33d432501f9ed8924ebcdcf059dcb01de84935222c760cf1f2c2331ba
Static task: static1
Behavioral task: behavioral1
Sample: RGDWPBDPM728HJNS5053.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: RGDWPBDPM728HJNS5053.js
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: RGDWPBDPM728HJNS5053.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application