General
Target: ROOZ_Invoice_Copy.js
Size: 11KB
Sample: 211019-kgpcwsgchn
MD5: b2931677748da184be75854369749dc9
SHA1: 1dd339c87a703195ed29ab84792e30611a9917e6
SHA256: bbceba6fd06b01bd5c69ccab1ea106189455e1e85e577e278f9f362940b5442c
SHA512: 0c8399e08da2194700ac5d2729b35abcb4c2642a4825ba46968ee1c8c21071f68c21b99297638d543440e3bf854cfc17d0ec390716a2fb2bcd9961611bd3c894
Static task: static1
Behavioral task: behavioral1
Sample: ROOZ_Invoice_Copy.js
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: ROOZ_Invoice_Copy.js
Resource: win10-en-20210920
Malware Config
Extracted
vjw0rm
http://btime1624.duckdns.org:7923
http://jw9428875.duckdns.org:1991
http://js1994.duckdns.org:4093
Targets
Target: ROOZ_Invoice_Copy.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application