General
Target: PO-65547.js
Size: 991KB
Sample: 240220-js594sde3s
MD5: aafc903e2da3937dd6935e68df71841c
SHA1: 9b4d79db9a4a6427b054d0d36bcfbd8d5cb45ab6
SHA256: 199c0b3ea9f01df011aa51f9b4d8089c5b14b5d33bfcc863134338f3cc8c3f15
SHA512: bc904c346dad17f7c005c1af19ad5205e4995b9c8b63c95bd4a3d153c8de95f391822be40debf6821a3b8bc54a2244c380dc3cd89f54b52cee615d337b6054e7
SSDEEP: 6144:XQkWmUsgsefPwG26JSPE3DvZ3L3DevaCx96kZLZYXInDouV5DuiJftC5D/3UBFR3:gXUHMcbP+Pu896t
Static task: static1
Behavioral task: behavioral1
Sample: PO-65547.js
Resource: win7-20231215-en

Malware Config
Extracted: wshrat
http://harold.jetos.com:3609
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.