General
-
Target
de95f97b146776465278d026f995f78dd87b3398086e358c96ba49f233be8c40.js
-
Size
51KB
-
Sample
221029-ys45dadfhl
-
MD5
032af7044cd24261edb9bcc78aec4a74
-
SHA1
0d0719e82440cf617227f7676c94ab924988f0a9
-
SHA256
de95f97b146776465278d026f995f78dd87b3398086e358c96ba49f233be8c40
-
SHA512
19e6daa5874fc193421a8d4f40743d498fd85e19ad3ac18400666697e5f721bc42b9711bf48118db16212ff994d84673f9590e014264169976703f9fa042a356
-
SSDEEP
768:dUONBbwCi/M63wjVNAZF/yIaf9fgsQ7DQCD6zsgvic1Vfr/GIVcnIMHJ8coORRLK:HLidkVNAz/Jaf9eDQCmzcifLyscoOLLK
Static task
static1
Behavioral task
behavioral1
Sample
de95f97b146776465278d026f995f78dd87b3398086e358c96ba49f233be8c40.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
de95f97b146776465278d026f995f78dd87b3398086e358c96ba49f233be8c40.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://45.139.105.174:7670
Targets
Target
de95f97b146776465278d026f995f78dd87b3398086e358c96ba49f233be8c40.js
Score
10/10
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-