General
-
Target
wynmove12.js
-
Size
24KB
-
Sample
221104-vsktysbahl
-
MD5
d5ea6c96a7024e85552409e96969ad7a
-
SHA1
c92f1c6c9746a71af29cef9c6f34b5d45bf67a80
-
SHA256
2d8b0b3ba291821031ecedb2888aef031d0ca7661e70ba53f77e0ba9d05623a9
-
SHA512
157f4e2d924b1db4ff16124cdbbbfa53f453589cc434ab68343bfc394e6d65a869969b41fe6bc8499369057870334a8d48035d536c07160b2d80a01c4c3db8d3
-
SSDEEP
384:/zeqLYJ6DOi96GL5hp4M487wCkns7RVXGRADNfltenQFNWa7E0RDKT/:nYJ6DOaL5hCl3bkVfPzma40ReL
Static task
static1
Behavioral task
behavioral1
Sample
wynmove12.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
wynmove12.js
Resource
win10v2004-20220901-en
Malware Config
Extracted
wshrat
http://45.139.105.174:7670
Targets
-
-
Target
wynmove12.js
-
Size
24KB
-
MD5
d5ea6c96a7024e85552409e96969ad7a
-
SHA1
c92f1c6c9746a71af29cef9c6f34b5d45bf67a80
-
SHA256
2d8b0b3ba291821031ecedb2888aef031d0ca7661e70ba53f77e0ba9d05623a9
-
SHA512
157f4e2d924b1db4ff16124cdbbbfa53f453589cc434ab68343bfc394e6d65a869969b41fe6bc8499369057870334a8d48035d536c07160b2d80a01c4c3db8d3
-
SSDEEP
384:/zeqLYJ6DOi96GL5hp4M487wCkns7RVXGRADNfltenQFNWa7E0RDKT/:nYJ6DOaL5hCl3bkVfPzma40ReL
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-