General
Target: 4fdd73adf38351ecdc492292299aed07
Size: 114KB
Sample: 220621-rvlx9aebek
MD5: 4fdd73adf38351ecdc492292299aed07
SHA1: 9581d6780af73280831a2fae22636278f0d0992f
SHA256: ca4f319704b8e8c93d10e74a8c8ba9760dc4f0ff29ff227ef44aec02bb675d40
SHA512: f0e07114f4f4a573f39de66e64b66a859a2477b6071e441c37b4cffa30958d7d9bdfd3cae9362c30cb43ce80ddb96b856de67cd778bad63b3b66b703921a3967
Static task: static1
Behavioral task: behavioral1
Sample: Custom Clearance Doc. AWB#5305323204643.js
Resource: win7-20220414-en
Malware Config
Extracted
wshrat
http://62.102.148.154:4044
Targets
Target: Custom Clearance Doc. AWB#5305323204643.js
Size: 127KB
MD5: ca725f6c53d5cd93cdec59ea14d8493e
SHA1: ca8118f5fa816e134340e114bccf2e2c2c9605b3
SHA256: e83a856d7552c65e3a8ad5f411cfb0193a057de503be751ddd5e85ec42ad2b82
SHA512: 4b40a794761d31a70b48993523f8996130f2b612bdf0f0cbef6216981f41ea5f5cb7513e605b954e631664e414bcbf1ff4992abbe5458a886abc312268e07d9f
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application