General
-
Target
YR6583.js
-
Size
13KB
-
Sample
220206-j8fpdsggc9
-
MD5
c692ea8fe02da8778e48dc68498f34e3
-
SHA1
6417731002149559480b25d1d79e9709f804a0e3
-
SHA256
03d52abfd15cbb32ef73e80419d8653e104d11aeab19f3df157ccf532fe8476e
-
SHA512
b25cb1f25616256e602a54ed677ee704f21b557f0a56326ec30556c4f2ab8980a07bf5b80f10d9073315316d3b05a1ffa41e1eceb44c44ac266718a09e631f7c
Static task
static1
Behavioral task
behavioral1
Sample
YR6583.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
YR6583.js
Resource
win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://joshdh.duckdns.org:6583
Targets
-
-
Target
YR6583.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-