General
-
Target
URGHOPMYNBD003.js
-
Size
57KB
-
Sample
220118-s1g2xsbhgp
-
MD5
214df14372b4d256aa79f43842e73540
-
SHA1
16f83196a1d71d0e3332db373ba5b3da097e1b63
-
SHA256
0058c841587c86054841a3045ad55eddf3dd2e570865892852750f4479ba0d27
-
SHA512
97a5eadf11a9c09c7d71587b9a8c503e20d6cdc38a03b11e0826302a303c11e529fb46e48c08bbb95e178a30c143fdd6cd9804313fa16e2530ec53bc07601c2c
Static task
static1
Behavioral task
behavioral1
Sample
URGHOPMYNBD003.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
URGHOPMYNBD003.js
Resource
win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://wormwma789.duckdns.org:7891
Targets
-
-
Target
URGHOPMYNBD003.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-