General
-
Target
8022_Payment_Copy.js
-
Size
9KB
-
Sample
211214-thdr8agac3
-
MD5
534f0d3228422bb6d787f2a2ba8a1eeb
-
SHA1
2ab7150b65771c21799e373dc23f32f6cff31496
-
SHA256
45e51faaaefa2dbcb343a56b2c0be3c64b5fc0010f97a19bedc32d166f200435
-
SHA512
8c802344a21891a3d0d9abf5a45d3b227e1f42271efb109abb48b7be80e18daa333043ea40a6a253378b7055213f6afceb03453c47ed531f304e2eb33f887436
Static task
static1
Behavioral task
behavioral1
Sample
8022_Payment_Copy.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
8022_Payment_Copy.js
Resource
win10-en-20211208
Malware Config
Extracted
vjw0rm
http://decebermoney.duckdns.org:8022
Targets
-
Target
8022_Payment_Copy.js
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-