General
Target: ROPSQ90P.js
Size: 57KB
Sample: 220121-tk7s3sadbp
MD5: 6547a7437933b39ef6cdc9658a6a9ef5
SHA1: 1a779d83880ca05511429e64588547d3c9940fee
SHA256: d024f46242a5642188fe8680d38f3d0ac0daa354288daa92946ca072d5c54f01
SHA512: 85c9d74c9c4929c9def69a50f0425bf1659d46e433c7288a5e2266be77d7b0dd4b45ace640a6d61641aa50f1353bea0dbf0d14924fcad634d3d26622d929c8d1
Static task: static1
Behavioral task: behavioral1
Sample: ROPSQ90P.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: ROPSQ90P.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://rosenberth.duckdns.org:5633
Targets
Target: ROPSQ90P.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application