General
-
Target
INTERAC Service Request9466544665440.js
-
Size
3KB
-
Sample
211008-metkyadgh6
-
MD5
38ecf70cf09d8c499546c01c028dd70f
-
SHA1
d4d57eeb688d2abe1eeae5b0dc142d588246648b
-
SHA256
7acb1e3e7f173f2cc884c87a15260f06f59ed45e79e979afb37e361dd0b2625d
-
SHA512
bd92d0a81b6c9b553d11ace0f680f677a727de965703205955c92650ed43fe68f593b228e62d90acafc53e34864e4715eebd877808e2b160ee1d3dfeaf9462bc
Static task
static1
Behavioral task
behavioral1
Sample
INTERAC Service Request9466544665440.js
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
INTERAC Service Request9466544665440.js
Resource
win10v20210408
Malware Config
Extracted
vjw0rm
http://jswormpeople.duckdns.org:1921
Targets
-
Target
INTERAC Service Request9466544665440.js
-
Score
10/10
-
WSHRAT Payload
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-