General
Target: YBK001.js
Size: 13KB
Sample: 220128-wcavgshhb4
MD5: 127a1e9ba80835a082b319504a24e229
SHA1: cbf6f201dc02285a50ee295eff46fc8665c618a2
SHA256: 632e773c5577142f1391a2f41986df740ebb30cdab7abdbabf574861a4452ce1
SHA512: c705ac0257778bb1fc7367400e468f5045846b0258be093b02e0223938577b29dc9c3f44891294ac3fca37f553c912fd072a449127724a79c0e200fabfc4e477
Static task: static1
Behavioral task: behavioral1
Sample: YBK001.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: YBK001.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://hopdhosjd.duckdns.org:9035
Targets
Target: YBK001.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application