General
-
Target
QWUOPNSFGA802NM.js
-
Size
72KB
-
Sample
211209-tfm8waced6
-
MD5
91f6af74d269b8020d582cb41392ac11
-
SHA1
9c03d6159f46325a57c6888109cbd9ef6c7e0139
-
SHA256
126a1a59ccf49cb5c09e69f8588ece339dece436be5af14de462c871ec1fe83b
-
SHA512
c1446ce741756341d045b57d49347e4dbaa92e77640e554eab0a184a342ae9d5af7a2584d2907bf909fce6ff9a14a5568f01cbc6df305c5f76753565ddd2b0df
Static task
static1
Behavioral task
behavioral1
Sample
QWUOPNSFGA802NM.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
QWUOPNSFGA802NM.js
Resource
win10-en-20211208
Malware Config
Extracted
vjw0rm
http://wormmondg.duckdns.org:9034
Targets
Target
QWUOPNSFGA802NM.js
-
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-