General
- Target: Solicitation#E62-357.pdf.js
- Size: 1.2MB
- Sample: 230125-vfn1vahb42
- MD5: cbb9e8783d23b22f610462c202688dd2
- SHA1: 8f76df9b5b311c145c56a2c759c519955dfc430f
- SHA256: c1b90fc87c2bc154d8157e388186d82e7b0e03a918b07b5f70d2a5bedcd5901c
- SHA512: 34862dbcc4072965059e704697cedbe1e274e34ca37318adfe2111da2a2a86b6a1977ec7f81f48aa8da5ea0692b147bd10d5ae1991c7d62edb35cd5f45d7eab8
- SSDEEP: 6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8jmrPJ729wORKlhxqxTOTMOpQvcg:eQ3B7qgpkrP4YtTMSlmUFclgZ/tDwLsw
Static task
- static1

Behavioral task
- behavioral1: Sample Solicitation#E62-357.pdf.js, Resource win7-20220812-en
- behavioral2: Sample Solicitation#E62-357.pdf.js, Resource win10v2004-20221111-en

Malware Config
Extracted
- wshrat
- http://bona.kasowiitz.com:50125
Targets
- Target: Solicitation#E62-357.pdf.js
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.