General
Target
BSQ002.iso
Size
602KB
Sample
220211-s5w2msedfj
MD5
6e2bfca0d5c3861fe2da777399f32f6a
SHA1
e0846e536decdad46df8353c07e90abb9760b8a4
SHA256
dae8a21a0a648fdfaab4e7b927cee26d3f600ea3a6732f52490a64f167128f0e
SHA512
2f400b160a0ab239dd901c871caa85f0937b221227c93b46c0f2453331d6e3cfc67ce49fa7db8ce7a84042195f132e939de80e6b592df0cf79d41e543ec454cf
Static task
static1
Behavioral task
behavioral1
Sample
DRGRKEYUTGCHG.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
DRGRKEYUTGCHG.vbs
Resource
win10v2004-en-20220113
Malware Config
Extracted
nworm
v0.3.8
nyanmoj.duckdns.org:5057
moneyhope81.duckdns.org:5057
cb2d3cba
Targets
Target
DRGRKEYUTGCHG.VBS
Size
10KB
MD5
bd8dffacd8333c2cec6b8eb794965631
SHA1
28feabf6ee95f521c0ba21e4014b372d2553abd5
SHA256
e700d9c14903adf9a197c4264b53dd06ec47375de4b07b50df49a97052119930
SHA512
e900eede39e73529e1c8296d314ba3f4e25397a7bfff45b8e418f23e267f7e1369c69ce36d32e3d93938873cfd275221b42ef8cb6ad80e4c039d46d52fa7e52c
Score
10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext