General
Target: suBZaIZZSy_ayomover.js
Size: 41KB
Sample: 221111-l8hvvsed75
MD5: e74c17c1cd2391f4196165b7ff5835cd
SHA1: 89fd7a28e6732864e7af863c0db67aa4b7910020
SHA256: f4c467d745b4920e074209e95814ef511c3a239fb7296dc6ea36cd4a4875a743
SHA512: ea31d7b1a77ce34973a0678c3363d1a8257bd98413696737d8546546a49f387ab96e8f9c3bc7bf5aff42e87868e19ee850b434bf819a430658865c6e93bc24ac
SSDEEP: 768:5UIzYbki0LNFL2VDPXho7e78+CrbMxFk9G9Fmw1ozKihyOXDhTnZfu+E:uB0LNFyVdge78NrgxFk94Fmw1RiYOXDO
Static task: static1
Behavioral task: behavioral1
Sample: suBZaIZZSy_ayomover.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: suBZaIZZSy_ayomover.js
Resource: win10v2004-20220901-en
Malware Config
Extracted: wshrat
http://45.139.105.174:7670
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application