General
Target: Purchase Inquiry AS894 - SG633.js
Size: 90KB
Sample: 220616-ctkapsafc3
MD5: 4053e7f0fe576d067a0051229dab1ebc
SHA1: 0b32eccac1da9a09fea04d6763b8b4b467a308fb
SHA256: f5bd9e703f4bc5d6e39b44059fd8f6d3cba2f1539a95e5b0f8b4d4ea418c1f02
SHA512: f541b75744b7b59d513ff26d76e125777c9b1e16304e3d52465c75157941a38c5967c186e5c4edbe326c3ddfc433ee4518830a369094bcd5ac422f3091cbd0c7
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Inquiry AS894 - SG633.js
Resource: win7-20220414-en
Malware Config
Extracted
wshrat
http://62.102.148.154:4044
Targets
Target: Purchase Inquiry AS894 - SG633.js
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application