General
-
Target
57333809-dbd0-4c22-b696-ed9d3682de21.js
-
Size
285KB
-
Sample
230208-b66h2agf88
-
MD5
3bbcc5d020c78a15e255fd64488ca85f
-
SHA1
7c51ef5035b77aa6557e6f4ecd87db3672d17703
-
SHA256
89f45442db86a345f88320a8d4f0b5f5ac49a8828181f98d62c30633821dffbf
-
SHA512
b4b756be58ea82a1c978cb5ee5b43b380976f5aa4ae9c25c567196bae678c72cb2316ed51a4964f2d62010926fc81695d8bdb9faef09579a67ba0314229d004b
-
SSDEEP
6144:7DrSmg1GX1AYjy8iRH8mwZBN50AbjAfjgauIOI4Jsu:7DrS1GXOut/59bjAf7O6u
Static task
static1
Behavioral task
behavioral1
Sample
57333809-dbd0-4c22-b696-ed9d3682de21.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
57333809-dbd0-4c22-b696-ed9d3682de21.js
Resource
win10v2004-20220901-en
Malware Config
Extracted
wshrat
http://oyo.powrkenken.info:46077
Targets
-
-
Target
57333809-dbd0-4c22-b696-ed9d3682de21.js
-
Size
285KB
-
MD5
3bbcc5d020c78a15e255fd64488ca85f
-
SHA1
7c51ef5035b77aa6557e6f4ecd87db3672d17703
-
SHA256
89f45442db86a345f88320a8d4f0b5f5ac49a8828181f98d62c30633821dffbf
-
SHA512
b4b756be58ea82a1c978cb5ee5b43b380976f5aa4ae9c25c567196bae678c72cb2316ed51a4964f2d62010926fc81695d8bdb9faef09579a67ba0314229d004b
-
SSDEEP
6144:7DrSmg1GX1AYjy8iRH8mwZBN50AbjAfjgauIOI4Jsu:7DrS1GXOut/59bjAf7O6u
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-