General
-
Target
EMFA Elektrik.PDF.js
-
Size
52KB
-
Sample
221107-3ljx3shbcj
-
MD5
09328337c18e6eaaa82580394be62eb1
-
SHA1
b6e8d3c4e228b45c419e4a449c533655a8330104
-
SHA256
a0329914f5d8862178bb740cf9ae6e908ca9f1b474504b52e2383936b4625813
-
SHA512
bad0fe25e5bc05c1ede5ccd676c605042c4a7b866d108cfd2835a99d06347bab5e5c730a42ccaab75ad6b15d47d58d5b9204482736e6bb17e3c97684df3bf944
-
SSDEEP
768:10wL7BSd3jZktbPBqIKwtsai9G9dFT+d5YDnwkNlaUsbs52lBR1aFCB51RshKema:vejyP4IKV2FT+d5Ywila6EBVNwEZjK
Static task
static1
Behavioral task
behavioral1
Sample
EMFA Elektrik.PDF.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
EMFA Elektrik.PDF.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://185.136.159.253:2070
Targets
-
-
Target
EMFA Elektrik.PDF.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-