General
-
Target
QROSLK40MKSD.js
-
Size
9KB
-
Sample
211210-kdkkjafgh8
-
MD5
efe7b98b685c2f180c40198cc93550a6
-
SHA1
6990454c9d338a50fbb443990a766d211e76e2f2
-
SHA256
0960069e6f40570d52fcc5293d08cf6c75f01c04f11d35551858a587dc78a856
-
SHA512
10e2702040a1d89b2c3caaafc6d3ea98e26bc7936283a3c1eb3049579cf39740a55d54fc4c88d0430664b1301347c9f1f1e76a29b768dfe765f732b7cab87dbd
Static task
static1
Behavioral task
behavioral1
Sample
QROSLK40MKSD.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
QROSLK40MKSD.js
Resource
win10-en-20211208
Malware Config
Extracted
vjw0rm
http://wormmondg.duckdns.org:9034
Targets
Target
QROSLK40MKSD.js
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-