General

Target: RTOPHGD60JKFG.js
Size: 54KB
Sample: 220117-z9gabadbar
MD5: 9bd30c870827786006549e2b7aad9af9
SHA1: 69540b76ef13f8ba496e4c05ffb5480fc7b244b2
SHA256: 64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0
SHA512: e3250dba2438be0321590a33556e7374d9589c2a54d6d03c1427381adbff09b239ff1c84385175fe3396b37fc00817f487d2e64dfb9379190b344ac0dce1e4e9
Static task: static1

Behavioral task: behavioral1
Sample: RTOPHGD60JKFG.js
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: RTOPHGD60JKFG.js
Resource: win10-en-20211208
Malware Config

Extracted: vjw0rm
C2: http://moneywarm2.duckdns.org:8034
Targets

Target: RTOPHGD60JKFG.js
Size: 54KB
Score: 10/10

Signatures
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
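The three signatures above describe a typical Windows Script Host persistence chain: a .js sample (assumed here to run under wscript.exe) drops a copy into the Startup folder, registers a Run-key value to relaunch it, and then the script host, a process sandboxes blocklist for network activity, calls out to the extracted C2. The helper below is an added example, not code from the sandbox page or from the vjw0rm sample: it parses a `reg export` of the Run key and a Startup-folder listing for script-host persistence and splits the extracted C2 URL into host/port indicators. The Run-key value name, file paths and Startup-folder listing are constructed for the demonstration; only the C2 URL comes from the report.

```python
"""
Triage helper for the behaviours flagged in this report (added example, not
from the sandbox page or the vjw0rm sample): script-host persistence via the
Run key or the Startup folder, plus C2 host/port extraction from the
extracted config. All registry and file data below is constructed.
"""
import re
from urllib.parse import urlsplit

# Script hosts and script extensions that a .js dropper typically relies on.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")

# Constructed `reg export`-style text of a Run key. The value name and the
# path are hypothetical; the report only states that a Run key is added.
SAMPLE_RUN_KEY = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"RTOPHGD60JKFG"="wscript.exe //B \"C:\\Users\\user\\AppData\\Roaming\\RTOPHGD60JKFG.js\""
'''

# Constructed listing of the per-user Startup folder (hypothetical contents).
SAMPLE_STARTUP_DIR = [
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RTOPHGD60JKFG.js",
]

# C2 URL exactly as listed in the extracted vjw0rm config on this page.
C2_URL = "http://moneywarm2.duckdns.org:8034"

# One string value line in a .reg export: "name"="data"
_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_run_values(reg_text):
    """Return {value_name: command} for every string value in a .reg export of a Run key."""
    values = {}
    for line in reg_text.splitlines():
        m = _RUN_VALUE.match(line.strip())
        if m:
            # Undo .reg escaping: \" -> " and \\ -> \
            data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
            values[m.group("name")] = data
    return values


def is_script_persistence(command):
    """True if a Run command launches a script host or points directly at a script file."""
    low = command.lower()
    if any(host in low for host in SCRIPT_HOSTS):
        return True
    return low.rstrip('"').endswith(SCRIPT_EXTS)


def find_run_persistence(reg_text):
    """Run-key values that would relaunch a script at logon."""
    return {name: cmd for name, cmd in parse_run_values(reg_text).items()
            if is_script_persistence(cmd)}


def find_startup_scripts(paths):
    """Files in a Startup folder whose extension is a script type."""
    return [p for p in paths if p.lower().endswith(SCRIPT_EXTS)]


def c2_indicators(url):
    """Split the extracted C2 URL into host/port for blocking or hunting.

    Also flags duckdns.org, a free dynamic-DNS service, so the analyst knows the
    hostname can be repointed and the IP alone is a weak indicator.
    """
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"host": parts.hostname, "port": port,
            "dyndns": parts.hostname.endswith(".duckdns.org")}


if __name__ == "__main__":
    for name, cmd in find_run_persistence(SAMPLE_RUN_KEY).items():
        print(f"[Run key] {name}: {cmd}")
    for path in find_startup_scripts(SAMPLE_STARTUP_DIR):
        print(f"[Startup] {path}")
    print("[C2]", c2_indicators(C2_URL))
```

On a live host the same functions can be fed the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and a directory listing of the Startup folder; the `//B` switch in the constructed command is the wscript.exe batch-mode flag that suppresses dialogs, a common sign that a script is meant to run unattended.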