General
Target
TWG001.iso
Size
78KB
Sample
220127-tk8elsgah3
MD5
80b1a34d71b4d5c0b99c19a6259cd93e
SHA1
6e121478150517b52c75e99c8d94538763fad0f1
SHA256
386128b90172d3ff50f69382446600ac2703d5a50907c02aac25db73c7be50b1
SHA512
a1bda63df68c72b580fd3fcfd84e3dd3425cdd799dbba0b1b9154fd107036a819aac90ad0e749da797d01d24abb4dc9972f6ca468c55b1eb9015cbb11f7d5838
Static task
static1
Behavioral task
behavioral1
Sample
OHTEYYRNYRTUOHCKYTYP.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
OHTEYYRNYRTUOHCKYTYP.vbs
Resource
win10-en-20211208
Malware Config
Extracted
http://15.188.246.78/Q/RILSXDKOPJHN.TXT
Extracted
nworm
v0.3.8
nyanmoney02.duckdns.org:9031
2e3fb6d0
Targets
Target
OHTEYYRNYRTUOHCKYTYP.vbs
Size
17KB
MD5
e04e4cb7e410b885babba54cd59d5ae9
SHA1
4a4c1dc6d7a391aba21719e2b5595c11a172fd8c
SHA256
1b976a1fa26c4118d09cd6b1eaeceafccc783008c22da58d6f5b1b3019fa1ba4
SHA512
b1824f04a2b3a270a54aaba06efacd06af36d8f508fe4b41dcf6bf3901c129c063d77eaa79d5b2fca3b92cac07aad36a4178af188d3f3bb5b4af227b87cb7941
Score
10/10
Blocklisted process makes network request
Suspicious use of SetThreadContext