General
-
Target
PO scan copy.js
-
Size
90KB
-
Sample
220616-hvcj5sgacr
-
MD5
38e8ff0f57ff64b5511dd56676b1053a
-
SHA1
fbae99edd1a3acdb9ceacef8a0da3e0dc51ecca9
-
SHA256
d4525203fe3f04c24c96df5d52770f3a99357bd244006abd28d782ddcdffbd29
-
SHA512
a020891cae1fb9b8a30e6d16dc564c127d50f1ffc656838dea55aeef323571a03706d883e7fc31d9695c9f6c644b4bfa9d81bc5cedadd20426839f627a34a4a6
Static task
static1
Behavioral task
behavioral1
Sample
PO scan copy.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO scan copy.js
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
PO scan copy.js
Score
10/10
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-