General
Target: KkzkKniBww_movar.js
Size: 63KB
Sample: 221125-h287paad28
MD5: f26c46d819119f4ccca8d143f93289b7
SHA1: c84db01b0f8406979f8fabc7d73567bb9a5aa90e
SHA256: bc2f42a0cf94f85af568cda4c54cacdfa0934112691c466bd5c6e66c1f027bf8
SHA512: f1280d48ea7eda1617c9091b31f24d73d491b58c9c5cdabeb3fde96642f9c127c4a7a901a43cc8bbfe7a59b2d7fcc762b8cda8c98e3e3fa69483d3411ba210db
SSDEEP: 1536:XZqpqIKrA7C/AXx2BqDLECc5tfOsKsLMYOsor:XZLSbUTf1dLM1
Static task: static1
Behavioral task: behavioral1
Sample: KkzkKniBww_movar.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: KkzkKniBww_movar.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://45.139.105.174:7670
Targets
Target: KkzkKniBww_movar.js
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application