General
Target: Goods.js
Size: 25KB
Sample: 221027-gj57msbaf2
MD5: f1adae8851371ac2265761f593c99b7f
SHA1: fd0258eba70d536c198650fbe24ff9c01d5c472a
SHA256: a4aa874fca6b92a1230f369b0b6669bf002b6c57b46266c0f4c7b6e0c195bcbb
SHA512: d6d375257553fe57fe9785ff243d7a188dba63a687422d189ba5ce2c6aceab3b89d206566ba9a5afc77729d0d57c043cfc1bf69a9a44609d6197542f090c372a
SSDEEP: 384:wPUtaScSEbyO+0Wrr6k5AFv0KoYDBRmGgp1i394eeS3:QC7EbGruFveYDBRmGguN4e13
Static task: static1
Behavioral task: behavioral1
Sample: Goods.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Goods.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://212.193.30.230:7780
Targets
Target: Goods.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application