General
Target: AgJGcJMTnh_ned7070vjw0m.js
Size: 201KB
Sample: 220809-w93lrsedek
MD5: d3ee8c2c785b988fffbe118c64050ee7
SHA1: 5abfc8ee3eb176f6ea3788245564bf1e4ae1ead1
SHA256: f2b227c75d85f5ce26544b4de5bfbab65165081c286c4bb876926fac7fea8c3e
SHA512: 2166e0b61d1865ac948a3f87b1421553eb2a63d1589129598f853d9500be48dcd640c3d9ab41b9c4def2d6793cb1ac2e9902237c848705b2fa220657a87e752f
Static task: static1
Behavioral task: behavioral1
Sample: AgJGcJMTnh_ned7070vjw0m.js
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: AgJGcJMTnh_ned7070vjw0m.js
Resource: win10v2004-20220721-en
Malware Config
Extracted
vjw0rm
http://185.157.162.75:7070
Targets
Target: AgJGcJMTnh_ned7070vjw0m.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application