General
-
Target
RFQ -F7 AIRCRAFT.js
-
Size
5.5MB
-
Sample
230207-vrz79agb3v
-
MD5
5f8b36eb5344031a80d596979dfa752c
-
SHA1
d9490cf67b33b741237efc63ff56e1b0d8ea36a8
-
SHA256
5b7fea2fca7f3dfb0e55d4bd6c2c6bfaecdb27c02b2f4e17ddac4985278571d7
-
SHA512
7fc20d4bd25a0c14402325efa3e04d5458933f5211350665bfff4b93c47c5b0c35623b2ab90f016f0279b5e923bba5fe609cf0fe494c4ed85a815cef3555366a
-
SSDEEP
6144:K41FAmzRqqfadNrdpM66w8yZKTnDC/K3jKkAw41Ue/3tzs/BXACA+HxZjD3I/SVc:/dLyNrdaMvk46efBs5wCxBDTDVCg3vb8
Static task
static1
Behavioral task
behavioral1
Sample
RFQ -F7 AIRCRAFT.js
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
RFQ -F7 AIRCRAFT.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://45.139.105.174:1604
Targets
Target
RFQ -F7 AIRCRAFT.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-