General
Target: YRGH009QA.js
Size: 13KB
Sample: 220208-bt5qzabff2
MD5: 7e4052c4ef66b69ea6567cf9511cddcd
SHA1: 4d3b046443bbba80244121c7ff44b3c4425292d3
SHA256: c91b33406d00fdedeebd6ce809a612df96b5cea7835c2c13061498c6960d76e3
SHA512: 2b0ee57fdd1f77cb54f657fbea8637f040bba3728916f7e376e9f465ecca70e52dc9296c185908b9a37760812f85962b323bfcc7acdb74563cb45b089e8c0f19
Static task: static1
Behavioral task: behavioral1
  Sample: YRGH009QA.js
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: YRGH009QA.js
  Resource: win10v2004-en-20220113
Malware Config
Targets
Target: YRGH009QA.js
Size: 13KB
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application