General
Target: YBM001.js
Size: 59KB
Sample: 220128-zr7pjsddcq
MD5: d43d8d4e8035a94c096e1398ab5a53e2
SHA1: 685522ae3ab04dac92af6444a0eb77026ef5d296
SHA256: c7e3e8581a05333303a4e4fd78a42fdc4724457bdb0b2961c00b257a6a63f68c
SHA512: 54713700924322b6cc306e525e55223090ae7f542fd6f4dc6b28a499ce0fa5330fc1c3b0fd4b8d948aeaa848c0847d683732ddffabcabc65ee288e1eb0d04e17
Static task: static1
Behavioral task: behavioral1
Sample: YBM001.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: YBM001.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://hopdhosjd.duckdns.org:9035
Targets
Target
YBM001.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application