General
-
Target
wynlog (1).js
-
Size
189KB
-
Sample
221028-lfxhjsffdn
-
MD5
bc2c4ce0e4cd1ae0b5b0af84b03d0a66
-
SHA1
8d5fc4d413918b3750d1ed16c0ccc4d105a3c891
-
SHA256
726d793d69e118eedfdb88458f8dbd241dfb931ce3819058ee53527b8ee32b15
-
SHA512
55d8485603a7622ef810031c54baeabf6c43152209f0edc1543060082851e54c7b9776190b3d4fd1b4172941bebbfbea641b30222bc96c997571f622b938d7e5
-
SSDEEP
3072:6E8ez9oru2wvhQ0bamBbIpklgVDSxGfmuZSZ7tvEzpVeGK/65TbURCF:61c9yMrAklgF2GuuZWpKeGKfRCF
Behavioral task
behavioral1
Sample
wynlog (1).js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
wynlog (1).js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://45.139.105.174:3670
Targets
-
-
Target
wynlog (1).js
-
Size
189KB
-
MD5
bc2c4ce0e4cd1ae0b5b0af84b03d0a66
-
SHA1
8d5fc4d413918b3750d1ed16c0ccc4d105a3c891
-
SHA256
726d793d69e118eedfdb88458f8dbd241dfb931ce3819058ee53527b8ee32b15
-
SHA512
55d8485603a7622ef810031c54baeabf6c43152209f0edc1543060082851e54c7b9776190b3d4fd1b4172941bebbfbea641b30222bc96c997571f622b938d7e5
-
SSDEEP
3072:6E8ez9oru2wvhQ0bamBbIpklgVDSxGfmuZSZ7tvEzpVeGK/65TbURCF:61c9yMrAklgF2GuuZWpKeGKfRCF
Score10/10-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-