General
-
Target
TOO89_Payment_Invoice.iso
-
Size
74KB
-
Sample
211018-r2xnbsefhq
-
MD5
e4212b979b861348f093eb502d54a555
-
SHA1
126bbb8e12495a386afa30771268fe4b5f017d29
-
SHA256
88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff
-
SHA512
296622420cdff956e61c561995265c36e204c009159aaed967e150c7435abbda1ea8907eda67985a1960588090f6c1109d64287769bf0b6f8fbc035b246b3114
Static task
static1
Behavioral task
behavioral1
Sample
TOO89_Payment_Invoice.js
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
TOO89_Payment_Invoice.js
Resource
win10-en-20210920
Malware Config
Extracted
vjw0rm
http://btime1624.duckdns.org:7923
Targets
-
-
Target
TOO89_Payment_Invoice.js
-
Size
12KB
-
MD5
3e7dd715a15046585cb8034a1fa847b3
-
SHA1
4cbe1b633a7859821c0b7082385407cb140a0ba5
-
SHA256
5518f5e20b27a4b10ebc7abce37c733ab532354b5db6aed7edf19c25caba2ff3
-
SHA512
42777bf0328fe9844aa93e8394f11aba8d02d6bbc77980da2c22bb5b9f9a646763ed4506976dfbf3d2476ca63fbc0845bb5be64c3a6c745daffdd7f7d85f960a
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-