General
Target: POAUG29.js
Size: 11KB
Sample: 220829-ndpe9shfc3
MD5: 0b5aacc1ccd2f9d5156ef0cbb29c3e4e
SHA1: 07ddd944441342bc291ec3aedbdb0363a7b20f5c
SHA256: 2f320ac0d8f435a328e394c7b895bad0e3a86f94dc3c492ffd2fc680a2d8eca2
SHA512: 8a8e41db25638e8ef8cfa9401e1b71b21b20d01800aade03680a67fd18518f74c19f14d70fb3a4a034456a5cb815446bbf6fdaf90a6f3ec0e94f72cf64b04593
SSDEEP: 192:MSHX72nk70b5PCcm11uqn6FgnG0hl/NMmNIRW/IFAHsKnAiRA2d+KSg2SwIlQKRw:rHr27bAMzzUVDlAA1AKAdKSg2SwQQKRw
Static task: static1
Behavioral task: behavioral1
Sample: POAUG29.js
Resource: win7-20220812-en
Malware Config
Extracted
vjw0rm
http://favour123.duckdns.org:1978
Targets
Target: POAUG29.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-