General
-
Target
PShipDocu.js
-
Size
267KB
-
Sample
221026-hqdawafabq
-
MD5
6f1e4abdfd15d34fd183f46bc7264801
-
SHA1
cd681ed5d352c7c29aaf3e5d8bdd96478d35adab
-
SHA256
3ecbdd867e103f88ff2ea4395c9888f69858e66c6f0b7fd43968f12524ec1987
-
SHA512
bf11cd65a79f4004eb3670cb7f21c30887e2ee904cde2ad929fa5561726450fb4d68e1d9a859322d9fd54c7c7fe011f31fa85cbdf2713212008c5d50bcbd6ba3
-
SSDEEP
6144:v457woVOZpfDBktAT2j7QF7Q43PdtTkTlMkbe/hMEN:v3dweTe7QF9j4dqyEN
Static task
static1
Behavioral task
behavioral1
Sample
PShipDocu.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PShipDocu.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://durband.duckdns.org:1705
Targets
Target
PShipDocu.js
-
Score 10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-