General
-
Target
CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js
-
Size
45KB
-
Sample
211019-kceynagcfr
-
MD5
8c7d90878061ce94f70b41a3d2678379
-
SHA1
7d08d5be9c64a49ccfeeb14aee806cb017d941db
-
SHA256
d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13
-
SHA512
e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792
Static task
static1
Behavioral task
behavioral1
Sample
CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js
Resource
win7-en-20210920
Malware Config
Extracted
wshrat
http://faxjohn01.dyn.ddnss.de:1251
Targets
-
-
Target
CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js
-
Size
45KB
-
MD5
8c7d90878061ce94f70b41a3d2678379
-
SHA1
7d08d5be9c64a49ccfeeb14aee806cb017d941db
-
SHA256
d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13
-
SHA512
e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-