General
-
Target
shipment documents.js
-
Size
261KB
-
Sample
221109-mqwjnsgag8
-
MD5
3e1912c2b0aeb17efa1a1a264b95990d
-
SHA1
7d2b1111ea0d56dd41dbb83d1685be38e8269dd0
-
SHA256
749f06ddf9408597828f68ac69a74627d8fe31b23c0e25f5dbfb92301c0d2898
-
SHA512
f4352a6aafd9edfeb155a4d5b31bfe08383751e5c5cadee1a3f54c6ba1cf2ec765a108a260470204c532bcc8534ebc020b8d5c1f77e0b84c548545c6236daad6
-
SSDEEP
6144:GQdLQjTvan7FriEnXqdp1iBIj57JWokqNfiOgH8wEkmW:NdqTyJX87iqXs2hY
Static task
static1
Behavioral task
behavioral1
Sample
shipment documents.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
shipment documents.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://egodds.longmusic.com:2048
Targets
-
-
Target
shipment documents.js
-
Size
261KB
-
MD5
3e1912c2b0aeb17efa1a1a264b95990d
-
SHA1
7d2b1111ea0d56dd41dbb83d1685be38e8269dd0
-
SHA256
749f06ddf9408597828f68ac69a74627d8fe31b23c0e25f5dbfb92301c0d2898
-
SHA512
f4352a6aafd9edfeb155a4d5b31bfe08383751e5c5cadee1a3f54c6ba1cf2ec765a108a260470204c532bcc8534ebc020b8d5c1f77e0b84c548545c6236daad6
-
SSDEEP
6144:GQdLQjTvan7FriEnXqdp1iBIj57JWokqNfiOgH8wEkmW:NdqTyJX87iqXs2hY
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-