General
Target: proof of payment.001.rar
Size: 14KB
Sample: 221024-pqnj6sgfgn
MD5: 93b507e5fe85f2e4d84374cd4c1424cd
SHA1: 42f52462f338dce7a6e3f52a8c4b8b5d18297bc8
SHA256: d342cec59ebc05ff56c40ee2ffb1024883d89532f32ee3f2b53cc1ca57eb5259
SHA512: aca765541b5d66262b2f32f59939a590b06bcd21f0bdb702c18716234ccbcb856ed2561f7f0104e2e472485eed292cb4066fb69318c680685c75cfc1861b1a9b
SSDEEP: 384:RvHlFIAFNVZirtoSeGj5wTXzCg9VLHOxUx7mmiQyAuRP5665P2:1lNFweGlw3VL/7NB1uRh6W+
Static task: static1
Behavioral task: behavioral1
  Sample: proof of payment.js
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: proof of payment.js
  Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://chuks.wikaba.com:6424
Targets
Target: proof of payment.js
Size: 39KB
MD5: 5b6e9a548c15dc32988b91c6ca5ec2df
SHA1: af63806323c07129c6dcb138971496baeeddc856
SHA256: c91bae3e00eabcee11b278419c503cbb28f94372f349ff56d0d04207d5f1e7fe
SHA512: 19040cb6e11a250ed47ec77c364fef8f000b83dbf2021825c308af58cbd15735dd2f3e56074603482ed5e3fa7671c46dd72ca154479c6138ebcc17731b2e80ad
SSDEEP: 768:Ft7X36ZgnCdZ2xYUTn2rXoevZwPUJzUXE5:FdaWnCdZ8YUT8oevyozGE5
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application