General
-
Target
b6d25ecb0051db174e07044f9b2769d8d01fbec8f1cd226c80060b4989353ec5
-
Size
130KB
-
Sample
220212-e6ypzahegk
-
MD5
c7b142125eb1c8e9f792c5e03b779690
-
SHA1
7fb3be06c9f6422e33fe43630e6ff9605a7c22a4
-
SHA256
845e28a72ea5103fb6872fab1f89369738b9b745fd20fdac2acf62f032ec9719
-
SHA512
0f720d6281589a91487e6474cfed58df4d56d9a776b65fd9765ff9963edf7bfe8e3bf4662876b7f9a040849c29ef66da2468e82b4f5a91df636f16e2b8916d05
Static task
static1
Behavioral task
behavioral1
Sample
invoice.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
invoice.js
Resource
win10-en-20211208
Malware Config
Targets
-
-
Target
invoice.js
-
Size
495KB
-
MD5
b11a07d2eac8ae65cc7a5f02aacd782b
-
SHA1
f2d001616c1deeeba49500650a419ac417319f5e
-
SHA256
9c162d9c78f7890b3bea82f582c668c9805a926e67bf162f69a65137c524d048
-
SHA512
1c8cf2c08d2340253739877d1e42372f1809a3b1dc50388351b28ad15458cf2c725703336f67fe50c1e650e7876135e0e0ca375cf53bb23175bdcd7f4c5778d8
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-