General
Target: XQUSOP_Invoice001.js
Size: 10KB
Sample: 211130-w92dpsfhdp
MD5: 4b2504aac0ee1dc9e446d5f6734de048
SHA1: 7bfed647e5a694f71e49723d7f45c094f456affb
SHA256: 1193334169879222af20abdab6784f8c11ca2c52e5a740873d5305478c58d922
SHA512: 4897a03dcacb2952e50e4651eab5aaf2a0560fde60309fca5c2cc9bdc99ad6c2975557f5b585613638f8c5badd57879de8ba61e41cba4bf32dd9c317078a4766
Static task: static1
Behavioral task: behavioral1
Sample: XQUSOP_Invoice001.js
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: XQUSOP_Invoice001.js
Resource: win10-en-20211104
Malware Config
Extracted
vjw0rm
http://37.0.10.5:8020
Targets
Target: XQUSOP_Invoice001.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application