General
-
Target
Scan0030.js
-
Size
898KB
-
Sample
230508-qacneaaf99
-
MD5
b2b05e1631db082866c8f9d38cddf403
-
SHA1
3f19e69b66bf8c50993b55e5744818e3e92d4156
-
SHA256
c7805522f881cfa27c3cc92917f28da0f770d1e4ffe5aa170751058553da73ed
-
SHA512
7b7f6ab57bb555e07bd39e21e1470ea73c2dc4c1fa97bc1bbfb3361f8f2659d503a445a90e4125556a2ceba4236f83a077961340c435db0e070a91f6269d4c56
-
SSDEEP
6144:ROD297zg2plJPacQwE6hkpA0LysIfFk9jvCsYS9H17d9qFPNL6Z4MnJHI9Q6NCwU:+LP
Static task
static1
Behavioral task
behavioral1
Sample
Scan0030.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Scan0030.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
wshrat
http://45.90.222.125:7121
Targets
Target
Scan0030.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-