General
-
Target
Purchase Inquiry #210620220947.js
-
Size
456KB
-
Sample
220621-k8hdnaehd3
-
MD5
d7b9dd8c8988e35424c930b6f14a8472
-
SHA1
8ef48daf0ae415b98a947793462cbb4b9440314e
-
SHA256
5d5080676044d6feec7830dfa7d1cfa28edd7f9948d8489018f040a65416b7b5
-
SHA512
f61635a50dc82aeb59bf5e68fd6b149526ae0c7c0dfb6b628cba69a7f353fc77b687e237dde3d18c13c3d2e9d7b493658548081942c2dd485dd1d9ec557ae4ad
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Inquiry #210620220947.js
Resource
win7-20220414-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-