General
Target: Tax Returns of R48_765.js.zip
Size: 212KB
Sample: 240613-flzbfaydrn
MD5: a41220790b353a099b9f4ad4597ada6c
SHA1: 9d1ef48e97632be1a86425846195308dae8449c7
SHA256: 711cde8967739737b59a8ea4a2f3105611b27ea839e7289baedd7840059d4797
SHA512: 61dd43dbb3e5bf3f5a5c6764b3400c96963dc32c24a6e320fd8b9e1965e46b66c223d9887e529ab12983d97bd183835afa09b477f592feffcfaaddd0efef9dc5
SSDEEP: 6144:aeXv98Pk1CR272j/uuDwLT6D4tjv8nj/XUWBKnWNHz:Nv98PkcbOH6UB8zKnUT
Static task: static1
Behavioral task: behavioral1
Sample: Tax Returns of R48_765.js
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: Tax Returns of R48_765.js
Resource: win11-20240508-en
Malware Config
Extracted
wshrat
http://harold.2waky.com:3609
Targets
Target: Tax Returns of R48_765.js
Size: 957KB
MD5: 0f597e6821a29bc87b36222f08eff311
SHA1: e7f24cd04de9b92c013d71d3de526461cfb33c91
SHA256: df018cc7e708b47edfe4f39769058ce0ba10a65fe653d3a32412dd504d3f2028
SHA512: 693ed1331f7f048789c11bc661949519149c43e3a76b3b600a1990f74763500a6b4a5efb532921bcdb58b27f3a136af9ba63e2e1dce4094fe078076d0073f1a7
SSDEEP: 6144:QQ5C90ha3hcY0c5OyZD5i8frkU+uKCbbBGZs3xh527wIy+6Y16vLKdYoiAL1Xl4R:TKF
Blocklisted process makes network request
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.