General
Target: HTMoDFxlkB_ayomover.js
Size: 44KB
Sample: 221109-t9e5cscafn
MD5: 5171c96642f46bfd31720e6bfe867f80
SHA1: 5acb6f251c2c5b17433a264683fc7b5fe28fcfbe
SHA256: 11105ea3d96adca08d7a112ec4bbd34a96e96b0cfd140d03087463629d161e1f
SHA512: 5bf5f8087ccb75e986a329b7268edf2bf71a08f05d57deb80c921061b11cfe1fca88a28a9b36f189d2fe16a740ce6c35ea059ce1eae51cb7618550a4fd0a1009
SSDEEP: 768:5UDwr0mf+pcuzOKCq3fOb7uCa7FL3QWwx6FxGI1albKSIKX7F//xHO2E:uYf+2u9hvODaBb7wxoxGI1aYSIKX7RpG
Static task: static1
Behavioral task: behavioral1 (sample HTMoDFxlkB_ayomover.js, resource win7-20220901-en)
Behavioral task: behavioral2 (sample HTMoDFxlkB_ayomover.js, resource win10v2004-20220812-en)
Malware Config
Extracted family: wshrat
Extracted C2 URL: http://45.139.105.174:7670
Targets
Target: HTMoDFxlkB_ayomover.js
Size: 44KB
Hashes: identical to those listed under General (MD5 5171c96642f46bfd31720e6bfe867f80, SHA256 11105ea3d96adca08d7a112ec4bbd34a96e96b0cfd140d03087463629d161e1f)
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops startup file
- Adds Run key to start application
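As an added example (not part of this sandbox report, the sandbox vendor's signature code, or the sample itself), the behaviours listed above expressed as detection logic over constructed Sysmon-style events in JSON-lines form. The event schema, the registry paths used (including the Control Panel\International\Geo\Nation value taken as the geofence source), the script-host blocklist, the file names and the sample events are all assumptions made for the example; the only indicator taken from the report is the extracted WSHRAT C2 45.139.105.174:7670.

```python
"""Behaviour checks over constructed Sysmon-style events (JSON lines).

Added example for this report, not code from the sandbox or from the sample.
The event schema, paths and process names are assumptions; only the C2
address comes from the report's extracted malware config.
"""
import json
import re

# From the report's "Malware Config: Extracted wshrat" entry.
WSHRAT_C2 = ("45.139.105.174", 7670)

# Windows script hosts that a .js loader runs under (assumed blocklist).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Registry value holding the configured country (assumed geofence source).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.I)


def image_name(path):
    """Lower-case file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Return the signature names a single event triggers (possibly none)."""
    hits = []
    kind = ev.get("event")
    image = image_name(ev.get("image", ""))
    if kind == "network_connect":
        if image in SCRIPT_HOSTS:
            hits.append("Blocklisted process makes network request")
        if (ev.get("dst_ip"), ev.get("dst_port")) == WSHRAT_C2:
            hits.append("Contacts extracted WSHRAT C2")
    elif kind == "registry_set":
        # Run-key value that launches a script file, e.g. wscript.exe //B "...\x.js"
        if RUN_KEY_RE.search(ev.get("key", "")) and SCRIPT_EXT_RE.search(ev.get("value", "")):
            hits.append("Adds Run key to start application")
    elif kind == "registry_query":
        if GEO_KEY_RE.search(ev.get("key", "")):
            hits.append("Checks computer location settings")
    elif kind == "file_create":
        path = ev.get("path", "")
        if STARTUP_DIR_RE.search(path) and SCRIPT_EXT_RE.search(path):
            hits.append("Drops startup file")
    return hits


def analyse(jsonl):
    """Aggregate per-event hits into a verdict, as a sandbox signature pass does."""
    sigs = set()
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        sigs.update(check_event(json.loads(line)))
    persistence = {"Adds Run key to start application", "Drops startup file"} & sigs
    beaconing = {"Blocklisted process makes network request", "Contacts extracted WSHRAT C2"} & sigs
    if persistence and beaconing:
        verdict = "malicious"
    elif sigs:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"signatures": sorted(sigs), "verdict": verdict}


# Constructed sample log: the report's four signatures rendered as events,
# plus one benign browser connection that must not trigger anything.
SAMPLE_LOG = r'''
{"event": "process_create", "image": "C:\\Windows\\System32\\wscript.exe", "cmdline": "wscript.exe \"C:\\Users\\victim\\Downloads\\HTMoDFxlkB_ayomover.js\""}
{"event": "registry_query", "image": "C:\\Windows\\System32\\wscript.exe", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"event": "file_create", "image": "C:\\Windows\\System32\\wscript.exe", "path": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HTMoDFxlkB_ayomover.js"}
{"event": "registry_set", "image": "C:\\Windows\\System32\\wscript.exe", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\HTMoDFxlkB_ayomover", "value": "wscript.exe //B \"C:\\Users\\victim\\AppData\\Roaming\\HTMoDFxlkB_ayomover.js\""}
{"event": "network_connect", "image": "C:\\Windows\\System32\\wscript.exe", "dst_ip": "45.139.105.174", "dst_port": 7670}
{"event": "network_connect", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dst_ip": "93.184.216.34", "dst_port": 443}
'''

if __name__ == "__main__":
    print(json.dumps(analyse(SAMPLE_LOG), indent=2))
```

The verdict rule (persistence plus outbound traffic from a script host) is the combination that separates a WSHRAT-style loader from a stray script, and the C2 match is kept as its own signature so that a host that contacts the extracted address is flagged even when the process name is not on the blocklist. On a real endpoint the same checks would be fed from Sysmon event IDs 3, 11 and 13, which carry exactly the fields used here.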