General
Target
proof of payment.js
Size
39KB
Sample
221024-pb3esagdb2
MD5
5b6e9a548c15dc32988b91c6ca5ec2df
SHA1
af63806323c07129c6dcb138971496baeeddc856
SHA256
c91bae3e00eabcee11b278419c503cbb28f94372f349ff56d0d04207d5f1e7fe
SHA512
19040cb6e11a250ed47ec77c364fef8f000b83dbf2021825c308af58cbd15735dd2f3e56074603482ed5e3fa7671c46dd72ca154479c6138ebcc17731b2e80ad
SSDEEP
768:Ft7X36ZgnCdZ2xYUTn2rXoevZwPUJzUXE5:FdaWnCdZ8YUT8oevyozGE5
Static task
static1
Behavioral task
behavioral1
Sample
proof of payment.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
proof of payment.js
Resource
win10v2004-20220901-en
Malware Config
Extracted
wshrat
http://chuks.wikaba.com:6424
Targets
Target
proof of payment.js
Score
10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application