General
Target: PAYMENT-COPY.js
Size: 9KB
Sample: 211208-xs8bcsacbq
MD5: 7a04840e07461ac2dfa2bf45173587d8
SHA1: 70285f4b9f5fab2ebd4797bf44d7ac4ef580b2de
SHA256: ffff88cae6d4f0d41580526be732216678392fd135a3482cb83d9b25ba336d37
SHA512: fc2dcff2c301008015e0e4f85b88cc7031d35df5f8d24893c5f9365ecc58b41d3d19cbf3cea94f507c49fc2276ba77dc876c16d15e10d9ee2f839499172db5ff
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT-COPY.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: PAYMENT-COPY.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://mikeleejs.duckdns.org:2190
Targets
Target: PAYMENT-COPY.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application