General
Target: Solicitation#E62-359.pdf.js
Size: 984KB
Sample: 230124-rg9gdsdf3y
MD5: 4e2d729e9c8329faf413b544c6e3e142
SHA1: a2e1e676ef6be73c851acbaf46b00eb8635fb875
SHA256: 069428da73eef276063d954b097054ff9a31b9265d1472fc6e067d88f5be2a87
SHA512: 24f0eeec9c97dbd77601c46bf2cd4ae02ebfc23f291367d1308a369df8b5f48794a11ec5720853e8507a1fa576d4b9164231ca65a4c7fa12fc7219d3ed86917f
SSDEEP: 6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8zeLoJFl7BU/J:eQ3B7qgpkLoU
Static task: static1
Behavioral task: behavioral1
Sample: Solicitation#E62-359.pdf.js
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Solicitation#E62-359.pdf.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://bona.kasowiitz.com:50125
Targets
Target: Solicitation#E62-359.pdf.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Drops file in System32 directory