General
Target: PO N°CF004303.js
Size: 52KB
Sample: 221111-xbmnbshh42
MD5: 023c458a0d3f7d576d9bd7fb92dccd43
SHA1: cd1cf695dc7e4dfc8a00f103aedfa6c5074ab00d
SHA256: c1c242402b2a89f84fe0062b56c3dab6505fffdd23efde258dcce8a3ede90c61
SHA512: 3824c3eb90a35561184258ce3600d4038fdc0465d6d72f22df026e80d0f88f09776d0ff15e2279df3df7bf05ddfbfb7346bc584e557e684e0cb23c6621ed2c4f
SSDEEP: 768:VhxOJUawmUomzo1bOiQI6zLVyToGmExHoIsa8zdcRkNPahlbm+OK:gDU3s1b2IBToGmExHoIABc0ihlblOK
Static task: static1
Behavioral task: behavioral1
Sample: PO N°CF004303.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PO N°CF004303.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://84.38.130.210:2070
Targets
Target: PO N°CF004303.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application