General
Target: Waybill #01-3921.js
Size: 249KB
Sample: 220104-s1xglshbg7
MD5: 3fe9f6b689e786657c7838bce3d5200c
SHA1: a91463d65e75e2364bdcf1c5b04b26a823c889f2
SHA256: 19eb1f56be26f6384d059e64487fb8ebd3d4aeba60ae16f9d3798dff2b1c9fd2
SHA512: 0d63ec1637d8c53d8b1e4285eb1894d248ab6e18e152f0ff246f22a4a83ac3163c6db4a7a740ad7fd77507b7c0da6861b63a0558200d6090c12b1e577751f842
Static task: static1
Behavioral task: behavioral1
Sample: Waybill #01-3921.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Waybill #01-3921.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://ecolo.duckdns.org:26008
Targets
Target: Waybill #01-3921.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application