General
Target: WSQUOMInvoice008.js
Size: 9KB
Sample: 211130-r7ls1sfcan
MD5: 6f554c122b43c9780a60a899f5300a07
SHA1: b2b8d0759bfefd12a140d92a84e1a4b707ed2e59
SHA256: 91b13af3fd1eff3cf15972acbf21ff6984c4d5e257a2b5c3797812a6005f9344
SHA512: 358e6195abf7213d2d7fd848e1a3dde059a8f47a48b3de8780b715ae602441e0598ae578d050939e1d9daa469951513137e6dc080fcf6db0346b338bdac259bc
Static task: static1
Behavioral task: behavioral1
Sample: WSQUOMInvoice008.js
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: WSQUOMInvoice008.js
Resource: win10-en-20211104
Malware Config
Extracted
vjw0rm
http://37.0.10.5:8020
Targets
Target: WSQUOMInvoice008.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application