General
Target: wynlog (1).js
Size: 188KB
Sample: 221027-kxb3habffq
MD5: 746654691cf5871e668bca54d52e7473
SHA1: f4d2aedb12837e06a9a973bb1633025adb4fa3ab
SHA256: bec14ec823d83fdada93ec1198c296d1b5e28b0faba61656366551cc1c24526a
SHA512: b1c38a609d4eaefdd2d82ce75b97b64a87497fd3f11a19495d9b3e37b41585e75b3019f553e40762c8bba05071be741a9ee25f4430625ae963a9e358e35d1fed
SSDEEP: 3072:BGLYwJ2ZqyeZ8ibIpklgVDSxGfmuZcbURCvQ0bam8vEzKeGK/6iM7:BGLYw4ZPsAklgF2GuuZTRC4MSveGKJM7
Behavioral task: behavioral1
Sample: wynlog (1).js
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: wynlog (1).js
Resource: win10v2004-20220812-en
Malware Config
Extracted: wshrat
http://45.139.105.174:3670
Targets
Target: wynlog (1).js
Score: 10/10
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.