General
Target: #00771.zip
Size: 23KB
Sample: 211220-wjky2abde2
MD5: 1da38cd2e3743864d0634afeaa82c714
SHA1: 08f8a82df86c11fc0cf72e65d31f27424de000e2
SHA256: ec638aada9c69c74a1a0e31144c36d9a759f045c6ce90eb8b09a5f7644fb4957
SHA512: 8e4c9bdd29c6733fcd97ffdd8519fcae1b842a8a34a25f997328791e0fad9293a9d7ae9d25e2c3a0b3c10657413165bc4bd82d87fb1e16e9799a470c7b166d8b
Static task: static1
Behavioral task: behavioral1
Sample: GKOPEWRYU.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: GKOPEWRYU.js
Resource: win10-en-20211208
Malware Config
Extracted
Family: vjw0rm
C2: http://moneyworm.duckdns.org:8756
Targets
Target: GKOPEWRYU.js
Size: 61KB
MD5: 6c65767545d7ad14fa6f2aa28fdd37e1
SHA1: 7a31fc2c58c387e538b8d2c6e288cfacee899ea2
SHA256: 4659be2ae1f69a483f84a858f35ab0b184031a1dbdccfb8b89decaa75004f249
SHA512: 73161f26b1cbd297c89a7b9811837b3bae6a44bf022aadd94ec1c57daddc2092c43809b002e4aab2cd59ecd2cb8ad106ede24d459be2831bf38537c6b8396ea8
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application