General
Target: mTqJuHCwDz_wynlog.js
Size: 267KB
Sample: 221029-yjm5hadbgn
MD5: 1e5ddaf84fe7b09586a903bb3fdfd0a7
SHA1: 236c49968ca1ffd2d39e3baed2dfa36817156c58
SHA256: 5cc3110cf10e1ebf8cb6090377ea1ef869fc3cd55e7ed6f6f56aa2cd8069b572
SHA512: 33c87ba6ad22a468af8f35795a5d7356c95061fa14ce47c8fefcd94f4af22e840566ccc867c8d4d6f1d8e3003fc98dc36cdf4d06fa5391ff5aaa324ae9a8d231
SSDEEP: 6144:nD0oZ66CN48NsgcSFW9oq/C4+moZUfs8BySTlA4R6r:nXL7H9j/C4jpH+CE
Static task: static1
Behavioral task: behavioral1
  Sample: mTqJuHCwDz_wynlog.js
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: mTqJuHCwDz_wynlog.js
  Resource: win10v2004-20220901-en
Malware Config
Extracted: wshrat
http://45.139.105.174:3670
Targets
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.