General
Target: request for quotation.js
Size: 38KB
Sample: 221024-wh19mahhgl
MD5: 3a61702420fb229a0a84b53cf0bb5076
SHA1: b3a78182487116c31042ace54af25b3d3b87f603
SHA256: c448671837087699ae4c2fcd35e1958a9d55282120dc6e7bf767c6a032a6e4eb
SHA512: 98ebe463de8bb5b34b0d5849189fb8862efd666d7883dd18d8bfb01750782f10b53933c5f8a1e34bd93589e50734d3cfd1519d326170fb9671bd189d8e1c22c3
SSDEEP: 768:xbnKOxSotWOCexFFTXBABa5u53NiwjiJ+0lGvK0SaAk:F7tvbFTXeB+o3NiwjiJOK0SaZ
Static task: static1
Behavioral task: behavioral1
  Sample: request for quotation.js
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: request for quotation.js
  Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://harold.jetos.com:1604
Targets
Target: request for quotation.js
Size: 38KB
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application