General
Target
Quotation Request.js
Size
44KB
Sample
221109-rmtywshfa4
MD5
9f09acf3f30f2b09d7509a7eda87a14e
SHA1
d833eb8a70209454b68df1fcd10c54832298231f
SHA256
ee442f3b315081d57f588d3a260b3f6b53a374113ef6de989250b8a36cc131e2
SHA512
9413f70f28f039d60e5dc0ad7edbcf87aa73e8ab317c45616eb612ebdd80e8f6465992d43b738af9560fbe718221b616de977eac6ee5d6fb4cd65807ae9ffff1
SSDEEP
768:5UDwr0mf+kAzUOOCqret7eYpcFL3aXiSBQcvYcVPfzXBf0VzUw0Oz+:uYf+FzkhitdmbxSBeEfdMow0OS
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Request.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Quotation Request.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://kmajewska.duckdns.org:2556
Targets
Score
10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application