General
-
Target
TBWK002.js
-
Size
13KB
-
Sample
220128-symjmaffgr
-
MD5
c910f8d83cff9e13f76968bca257e685
-
SHA1
509830e988ae5282f99eff728039a96434f30a47
-
SHA256
244aad5b560717a651e3aeef507fe14c778204e586a58c08b6936645aad483c4
-
SHA512
e4e3ecef3f4cdab3aa2a63a22ccb20b7665807333b166bc8081b3447f7ad8771fbf6c32b8bcd2d46d72db60bdabc348bbe9915799a791e06a9fc952ecc59ea38
Static task
static1
Behavioral task
behavioral1
Sample
TBWK002.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
TBWK002.js
Resource
win10-en-20211208
Malware Config
Extracted
vjw0rm
http://hopdhosjd.duckdns.org:9035
Targets
Target
TBWK002.js
-
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-