Sample File:
MD5 hash: 08bbc8496dba52068041bb715dee5f01
SHA1 hash: 23406158ebaa3ecd80b0ddca621cacc2854c7150
SHA256 hash: 263cf261a45e5d9cf420e9b5ccda364d3765a439623cbd7be64daf8cc57d7869
Filename(s): Paquete_id345634563.PDF.js
Filetype: JScript

Mutex IOCs:
Relatorio_Erros

Registry Key IOCs:
HKEY_CLASSES_ROOT\.JS
HKEY_CLASSES_ROOT\JSFile\ScriptEngine
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Relatorio_Erros
HKEY_CURRENT_USER\Software\Wine
HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
HKEY_LOCAL_MACHINE\Hardware\description\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings

IP IOCs:
46.28.105.149

URL IOCs:
https://www.wkc.co.id/heritage58.com/js/lib/inode.jpg
www.fuente-ovejuna.cz/admin/includes/css.php

File IOCs:
Filenames:
C:\Users\CIIHMN~1\Desktop\PAQUET~1.JS
C:\Users\CIiHmnxMn6Ps\AppData\LocalRelatorio_Erros
C:\Users\CIiHmnxMn6Ps\AppData\Local\Relatorio_Erros
C:\Users\CIiHmnxMn6Ps\AppData\Local\Relatorio_Erros\sqlite3.dll
C:\Users\CIiHmnxMn6Ps\AppData\Local\nzpnpqiti\86976.exe
C:\Windows\system32\ntdll.dll
\\.\NTICE
\\.\SICE
\\.\SIWVID
MD5 hashes:
d8aec01ff14e3e7ad43a4b71e30482e4
f612bccf909dbc5bbf1779d44a9ca045
SHA1 hashes:
738f4a49580cf914a37bdd2ad5e264011d3ddd5f
e3015f56f17d845ec7eef11d41bbbc28cc16d096
SHA256 hashes:
9407e4ce0df76e62f0ad9439f3a091909d6c540a83a19dfe6ee5e3990ad6bde9
da1d608be064555ab3d3d35e6db64527b8c44f3fa5ddd7c3ec723f80fc99736e