General
Target: 2nd_Payment.js
Size: 9KB
Sample: 211201-v91xhaeebl
MD5: a6575cd0b64d66c9960bf433acc58545
SHA1: 57d0995d062d4bc2d54099190f200b1ce42cc8eb
SHA256: 248caf264d98028c4ea4220d9aae5cb90974b2f8b47839d2c7d841e516aec419
SHA512: 84ffa67fb8a51bb2f0f8be5f607276e5319818f95944ccdf4db37b8bc03a59ef318c4ff8226857c02fa6e088c5dcd3c1cf3c6d61e113750d0ad48e1a836d8bdb
Static task: static1
Behavioral task: behavioral1
Sample: 2nd_Payment.js
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 2nd_Payment.js
Resource: win10-en-20211014
Malware Config
Extracted
vjw0rm
http://marshjohn989.duckdns.org:7920
Targets
Target: 2nd_Payment.js
Size: 9KB
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application