General
Target: Payment Details.pdf.js
Size: 3.0 MB
Sample: 230220-n9qyzaad3y
MD5: 2e893ed360a5b3586ae13862a492652f
SHA1: 053d796519b37d69bf6650f92c5404ef9830ec43
SHA256: ec20d0a098f22992a04e3b875996a6af49e023e929fea3e6192c7444fb80553f
SHA512: f5720175d6383ac7053c1138d3c88c2b4f152985620771e595b698960e699268b3926b000adbf7cc53f184f9d6a5611b34ebad7810da4a973820e9f94af7afec
SSDEEP: 3072:gOMWWSK0P5mUSfibfWZN7T7VE+NFlC7575eGlGE32qXaj1slgD71dwMbb9rp6D9B:y1Ye4E/e/gElEiLnD
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Details.pdf.js; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: Payment Details.pdf.js; Resource: win10v2004-20220901-en)
Malware Config
Extracted: wshrat
Extracted URL: http://chongmei33.publicvm.com:7045
Targets
Target: Payment Details.pdf.js (same file as listed under General above; size and hashes identical)
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Drops startup file
- Adds Run key to start application