General
Target: stLbWbDhor_p0wer.js
Size: 6KB
Sample: 220719-wqarmsfha7
MD5: fcd73eadcaf23aa849c386ab29645ee0
SHA1: 6c22a65b42240b3b7aee87839e307c0bd7f44e03
SHA256: 289560b71f8a92b09ec3ba851c74411dfc4ad7a2d33434e272e5aa06f53495d4
SHA512: e1819a2c2c9b49a872fd22abb869c6d0d806c32669544f623e2c95407ba6003e75ef444b4ebbed25cea52b7b73ea045ee17cced6a470faf6ee2602048c60ef94
Static task: static1
Behavioral task: behavioral1
Sample: stLbWbDhor_p0wer.js
Resource: win7-20220715-en
Malware Config
Extracted
vjw0rm
http://198.23.212.140:63006
Targets
-
-
Target
stLbWbDhor_p0wer.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-