General
Target: Quotation Specification.js
Size: 257KB
Sample: 221111-hmg5nabhhr
MD5: e518b794449fb8aefe303d42733ecfb5
SHA1: 0fe32c2da493796eb96efc097e77e93235652ee1
SHA256: ffccd7f8f935bdf8fdd19010b90a66d381f78a11372d87ea2ea9c62f02977bb4
SHA512: c7154e0a529dfbce737b471e4a3c31dddfa8d91e5dc90da5bf85d8f4c029b6ba2872971283f73365a2ca9eab0e4e1ef97684b979a310d0064c0e1975804c507b
SSDEEP: 6144:urVEkpKaD68mn+e5ssyguHaQxCKcw6ZI3+8xMSblw8TSP:urBxDDH/xCKl7NOI8
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Specification.js
Resource
win7-20220901-en
Malware Config
Extracted
wshrat
http://harold.2waky.com:3609
Targets
Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.