General
Target: RFQ.js
Size: 38KB
Sample: 221027-vp9znsdabr
MD5: 4e560201c077de489d5decef56c8ba29
SHA1: e05a3b6beb5938a63d4f0e165fe0d61dd51f9cc0
SHA256: ae64d93368bda8560f4cc393f48279997027ec39cf8751bc0f433d7e2a63cbf6
SHA512: 4880d420b3da9b66d4e6ec5bddbf6b4d6f6260b8e8624cf1971887615543980b72efa74277825eb9c6b2244be845cff187fb0f246603ee8c0502de7917fd2cbb
SSDEEP: 768:8dKVLImlocTOFUFrgpVPWuu1NAifXlAhQ9OFs0SasA:qKG9ROrgbPRMNAifXlWs0SaR
Static task: static1
Behavioral task: behavioral1
Sample: RFQ.js
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: RFQ.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://harold.jetos.com:1604
Targets
Target
RFQ.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application