General
-
Target
RY003.js
-
Size
14KB
-
Sample
220125-sk614shfaq
-
MD5
d8f874bd74588107bfd3f3acc68991d8
-
SHA1
5ac811daadc0c9f7bd0b0fc53fe03f17585dc1c4
-
SHA256
3dc741895be0ad6dd1f03d38488bbdf1d5f48517cb51de782639c4036c46d128
-
SHA512
8e8027a0cd90ddf18db59946f4786d651b300bae29a0494ecf0e4b56910d92feab1ac9f38f687d793e5fa54ee00fedcdfae2d1655d96f5845605984e9b0714e4
Static task
static1
Behavioral task
behavioral1
Sample
RY003.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
RY003.js
Resource
win10-en-20211208
Malware Config
Extracted
vjw0rm
http://moneyworm6.duckdns.org:1996
Targets
-
Target
RY003.js
-
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-