General
Target: YSOKNUOW.js
Size: 13KB
Sample: 220127-v75gxagean
MD5: bda43336bf6249a4e667d207d62cc910
SHA1: 9dc42b7d9dfd2b3f5a22e71abb0106fdc736bf4a
SHA256: 9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d
SHA512: af80aa64ca5d29d5f1839b38330a158507faac2ec305242d94d4c041da65c8b8a8ed8c927e1cd6e1383f1fe1335a814c6d28b1bbc366e3de3d9898478edd1650
Static task: static1
Behavioral task: behavioral1
Sample: YSOKNUOW.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: YSOKNUOW.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://jdfodl45.duckdns.org:9032
Targets
Target: YSOKNUOW.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application