General
Target: 8023_Payment_Copy.iso
Size: 124KB
Sample: 211214-w3ma7shcbm
MD5: 0ea1ca9ef33a3ed6def5157b568fab0c
SHA1: 88fddbaf6f665c7c8dc8de65f9bc8cd187475fa9
SHA256: 80b1044ab73ae72dcdd8bab5a01c277f99bd1bf31296e22cf3c3d1014defbefd
SHA512: 9a8fd34739c8c6250687e54732724051cd7931c5e53b3aa911c4c5bb5ae0aa302b777d68a65e65d12bc9e264ecc169e7824a99fa96a3bbf24e7a6befdb28363e
Static task: static1
Behavioral task: behavioral1
Sample: 8023_Payment_Copy.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 8023_Payment_Copy.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://wormming.duckdns.org:8023
Targets
Target: 8023_Payment_Copy.js
Size: 62KB
MD5: f91ad741727a485b74a5cd3d0a32163a
SHA1: 05fcc5bbd03cfbd35174d7d2ef991f345d167ad0
SHA256: 3c85914030d8cdb4c41ca8cd0d24b785fef114aa2c1f9864feb028abd3d80356
SHA512: 6762e1ae2c087e0937e107acc6dff7724eada47ddf861edca18df330fb6ab83fe1bf445b930ad2da1771a53f5f69ac0e0d57faa057080746b5fcd295b7f68151
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application