General
Target: #00773.zip
Size: 7KB
Sample: 211220-wjky2accar
MD5: bbb5d7c63dae2e5049ae779369867ff5
SHA1: 28990673ed1e73b79fea8eaa724a6beb8b7ea816
SHA256: 74d186162801d823dcc56107084c8db3337f41822458477b36bc849dffae5cde
SHA512: 9ecf187db9d7817f49d162a3ecf24c4fe2bab432d270f1db80c1560b86ce3cefbb371053772ea4b71932a9d83b4bc477546a3df3544cbd65065489cca00a4206
Static task: static1
Behavioral task: behavioral1
Sample: WTRMAOSP.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: WTRMAOSP.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://moneyworm.duckdns.org:8756
Targets
Target: WTRMAOSP.js
Size: 9KB
MD5: 09f5d89a8c21d1c7602463e423c07b8a
SHA1: 30968c850326a008743fbc5639c60ce8371bba7d
SHA256: d4b12da63e87619d8a738dbedcae1ec2af9372a402d54df3b5f3006a649b566d
SHA512: dc1259774c73452e4f43ff873b80f7895de35e118d3ad0cc2b5b3fc47f829d9fd5e2dc6bcd48abd64614f275a8b2e45e0ffeff74a6476b98584d80141c86fb31
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application