General
-
Target
Paymentcopy.js
-
Size
3KB
-
Sample
211025-p6xssagbf4
-
MD5
3448393a1a50e79a9a961d9a13aa2794
-
SHA1
cf762db80a67730a543956c6a08d98083907e218
-
SHA256
f98fd2b5cf22ba928eb207f02d2408b3c000c2a8777bfafbc37fef3b649ebd42
-
SHA512
b1497dda05013a63d6833c3f55b64c72e8d315e15c44deb06b34ec7130751899d49a9d52bbc3581b49ae617b368afeaba348147d6f788a769d1fa7a944bf934c
Static task
static1
Behavioral task
behavioral1
Sample
Paymentcopy.js
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Paymentcopy.js
Resource
win10-en-20210920
Malware Config
Extracted
vjw0rm
http://jswormpeople.duckdns.org:1921
Targets
Target
Paymentcopy.js
-
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-