General
Target
s6a8Paymentreceipt.js
Size
81KB
Sample
211025-yldzlsgfb4
MD5
d8953385a8ee8490c61653b1d3e9917c
SHA1
03760668db8b6757eab5e19b76a71b64d8836b1b
SHA256
6d420d14c9f651adff3bcde6a5e072278c4089585a4df9cfa9e3f4ef69640f83
SHA512
e28701e4f0816c97e5b8f5c5bfc34d2f00783ddc382006633750b9655a7cfaeaa4b7c4daf446eb9df071d9026074e11cc5a52bf7e077d1f6411cf77f35761ed9
Static task
static1
Behavioral task
behavioral1
Sample
s6a8Paymentreceipt.js
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
s6a8Paymentreceipt.js
Resource
win10-en-20210920
Malware Config
Extracted
vjw0rm
http://6200js.duckdns.org:6200
Targets
Target
s6a8Paymentreceipt.js
Score
10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application