General
- Target: ashan.russia.zakaz.zip
- Size: 3KB
- Sample: 220425-1j6mysdgd2
- MD5: 4924b6efd9a3ac791a1aea8c79f9d88d
- SHA1: ae13978e2ccdff4079666f055535e86172aafe9f
- SHA256: c739a9563ae2eab157316e450824300b219776a52723b028af79b8b4f443ec0d
- SHA512: 04f20bf27aef81db66dc2e407f31724a406c055f7d9b045a5708f888ed2f1d26a068b5e0d6475c7b3cceb6cbd5fa02c578a32daaed4037a80f71280113af19a6
Static task: static1
Behavioral task: behavioral1
- Sample: ???? ?????? ?????? ??????????? ??????.js
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ???? ?????? ?????? ??????????? ??????.js
- Resource: win10v2004-20220414-en
Malware Config
Extracted from each of C:\README1.txt, C:\README2.txt, C:\README3.txt, C:\README4.txt, C:\README5.txt, C:\README6.txt, C:\README7.txt, C:\README8.txt, C:\README9.txt and C:\README10.txt (the same three URLs in every note):
- http://cryptsen7fo43rr6.onion/
- http://cryptsen7fo43rr6.onion.to/
- http://cryptsen7fo43rr6.onion.cab/
Targets
- Target: ???? ?????? ?????? ??????????? ??????.js
- Size: 6KB
- MD5: a0eda7011826f1fd9570cbca604f6d56
- SHA1: 34945745f5f129acc032522d44e5b4d76a68f792
- SHA256: 6c99965799210d23afbd37fca69f810854f548ded8f600ecd93c3990d8d2bdda
- SHA512: ecf3beb5898bd3df212bfa6204b8496f1dd90d80daa19112f181defe25ff81b0ebc36fb4ec8f0d6dbade5af08df111f423862ee884682c847eaeb169f9f7ca47
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.