General
Target
PAYMENT.js
Size
3KB
Sample
211025-gzc6ssfff3
MD5
9375cf510a3053d861e39dc9fdc90c69
SHA1
f157b3cbd1bb8d0b405cd3268e134b3d2b1e02d1
SHA256
73b0fd6022d73d252b8d897231057ca4afe36642405bf7cfa9c41c542d17cf47
SHA512
fb92478ba938b4c2d45d917cd03b6876282849a5fe67efb5bde7340c1e0e158cce44fffd4cb0eb91bf39110ab3e128b07988b064db3fe0bc634e2ecb9c0311a5
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT.js
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
PAYMENT.js
Resource
win10-en-20210920
Malware Config
Extracted
vjw0rm
http://jswormpeople.duckdns.org:1921
Targets
Target
PAYMENT.js
Score
10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application