General
-
Target
RFQ AS894 - SG633.js
-
Size
624KB
-
Sample
220623-m45dqscfgl
-
MD5
d3db2dfffd41f471363876a0903e3f66
-
SHA1
e02adf79034ee16a5206dc99cafcd90994c3f8bf
-
SHA256
6bd23e175ea8456501a0575bca2c0d3892fa37666232750a08194d010fb6bae7
-
SHA512
745163d3378b6ccfdf22213bcfdd74c560c954992dca47c62d3273f528937f66503e5caf7f9bbc891caf34ee882d7ae7ef56d349a7d4eda7abf98c31294f6164
Static task
static1
Behavioral task
behavioral1
Sample
RFQ AS894 - SG633.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ AS894 - SG633.js
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-