Extracted

• • Target

    Pallet Mould MMS Request Order-220622.js

  • Size

    323KB

  • MD5

    73a4f7e471f47640742447c9613248cb

  • SHA1

    bd554c8f425a9f688ab08917deac4a01d8812047

  • SHA256

    64e720c53e8c90e2fb1bf2480637cd245fbf71b2e1ce3f419bb062352d21a767

  • SHA512

    d48146902099a0c941bc52685dd4f4d0fab32b2d0d2ec8186616d01b19ee440b1880ba51cac02c5603c6163eea08798407e6949decbcfeb9781da3caf773cf4f

  Score

  10^/10

  redlinevjw0rmfirstfilediscoveryinfostealerpersistencespywarestealersuricatatrojanworm

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

    suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

    suricata

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2