General
Target: Electronic receipt #AMZ-HWRM-1605160622.js
Size: 127KB
Sample: 220618-jfs41saaf3
MD5: 9279ce6d838dae04a670dd9414db00eb
SHA1: 960f79f13370c8bbaafed34d188cec956abb9cf5
SHA256: 6e5e0e9f651300eb398ab45b10aa881ce9218088fb6a48c0e381be206c44b7b4
SHA512: 55cf16a3024f5c60d4374fa05f22e7f00f93c011e7a1dda180a2805768cfcb6bd12f52d303e7616e46de3e0bd14a238b83940b1393ed91b44787da0e4b3e8485
Static task: static1
Behavioral task: behavioral1
Sample: Electronic receipt #AMZ-HWRM-1605160622.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Electronic receipt #AMZ-HWRM-1605160622.js
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: Electronic receipt #AMZ-HWRM-1605160622.js
Score: 10/10
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application