General
Target: RMB_payment.js
Size: 79KB
Sample: 220617-kbvbysbbbn
MD5: 17dcce0cdb0204dac6c5bcbc0556158f
SHA1: 512d68eec84b5fec6fc89e9a0a71f853540c32e3
SHA256: 0507b44565581b01f61b3119270889a78ff24d0df00bf3c83c95dbb6090534fa
SHA512: f90ce3330e13221b8a2ad945c27a6a73ad2739761337200ad3d9d72a31c645f14bd1ea6a2373ba2e1f761565166dca22444bca01c04876a13351904fb50cabae
Static task: static1
Behavioral task: behavioral1
Sample: RMB_payment.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RMB_payment.js
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: RMB_payment.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application