General
Target: 9073eb184ea9cb5a5553ed24798073a5f50d0045e64f38a7c9166ed61bf463b8
Size: 221KB
Sample: 220521-pqv91sbadr
MD5: 44e4a524574424dbe81694de83c56978
SHA1: b9dce4679c2a51be8e5bc649aaef642942eb4392
SHA256: 9073eb184ea9cb5a5553ed24798073a5f50d0045e64f38a7c9166ed61bf463b8
SHA512: e30f168044919b4ac89ef3a1e0d63888e85b4a1a36c2a20b81ff3031e975ce5d869063dd4c516b9ddb86981bda0b7caad2312590d501968ef711ea3c6df26c74
Static task: static1
Behavioral task: behavioral1
Sample: fattura.jar
Resource: win7-20220414-en
Malware Config
Extracted: wshrat
http://pluginsrv2.duckdns.org:8899
Targets
Target: fattura.jar
Size: 221KB
MD5: 4ebaf0ed00b6136fe1e4273508d855fa
SHA1: a3e6b82b95500b8eda4ab37a8f3865d47af3c7ad
SHA256: be32a4b1ba9b1ac7803eac01ca4a38f96770ad27d2d434794809ba3242182b0d
SHA512: 80c243457a0b879b0cd2484837357326593131207e200f93cd4f40a2ce5dd4c8e5590c6f67638b7942c1ca6634abc637fa9658b81791116419960deb349f49c3
Ratty Rat Payload
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application