General
-
Target
OHTEYYRNYRTUOHCKYTYP.vbs
-
Size
17KB
-
Sample
220128-kwk9saagc9
-
MD5
e04e4cb7e410b885babba54cd59d5ae9
-
SHA1
4a4c1dc6d7a391aba21719e2b5595c11a172fd8c
-
SHA256
1b976a1fa26c4118d09cd6b1eaeceafccc783008c22da58d6f5b1b3019fa1ba4
-
SHA512
b1824f04a2b3a270a54aaba06efacd06af36d8f508fe4b41dcf6bf3901c129c063d77eaa79d5b2fca3b92cac07aad36a4178af188d3f3bb5b4af227b87cb7941
Static task
static1
Behavioral task
behavioral1
Sample
OHTEYYRNYRTUOHCKYTYP.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
OHTEYYRNYRTUOHCKYTYP.vbs
Resource
win10-en-20211208
Malware Config
Extracted
http://15.188.246.78/Q/RILSXDKOPJHN.TXT
Extracted
nworm
v0.3.8
nyanmoney02.duckdns.org:9031
2e3fb6d0
Targets
-
-
Target
OHTEYYRNYRTUOHCKYTYP.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-