General
Target
Interac Payment.js
Size
3KB
Sample
211022-j3vlcsccak
MD5
70248b64f0da47a78531964998bd071a
SHA1
761b6341377def95d8558e806e6516b4548f8566
SHA256
ec94a85166da6bff3051c6960ff02eb964ed676d15a7d426b4a075c32d892a70
SHA512
e098e34bc1fdaed9b8e4c85699a2352344848bdf11e6590c8fdff22b489744e30bddebefd5e34b394ac5a0db50f725b281bf2907a542dbd0e1ee6bbf3e5f5215
Static task
static1
Behavioral task
behavioral1
Sample
Interac Payment.js
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Interac Payment.js
Resource
win10-en-20210920
Malware Config
Extracted
vjw0rm
http://jswormpeople.duckdns.org:1921
Targets
Target
Interac Payment.js
Score
10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application