General
Target: Fabrics Sample For Purchasepdf.js
Size: 754KB
Sample: 220725-k9l38sbhal
MD5: ac5c800d4839cd5720c1a9f2b17cf62c
SHA1: 883bdc0515906351928059859ec9e4a2ef8a9e6a
SHA256: 0d525dc4a7a6c40bc3eaaa2b8e0396122a945180032816ed78adc98295e63bb4
SHA512: 54d16b6ad98f7270305b0d4ef5b62113cb464c00d5a246fa85f3b26a6bc74850e3c6a2ec51d0d2d3697c04c41656f8b0f902dd8f3fccbe8c467e3cc29194064e
Static task: static1
Behavioral task: behavioral1
  Sample: Fabrics Sample For Purchasepdf.js
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: Fabrics Sample For Purchasepdf.js
  Resource: win10v2004-20220722-en
Malware Config
Targets
Target: Fabrics Sample For Purchasepdf.js
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.