General
-
Target
006490081032.INV.PRG.CHO.005.20220912.233736.20220913.003804.35134.js
-
Size
20KB
-
Sample
220917-g9g8hahcd4
-
MD5
9bd066451c40124f2c2796308f9b2f1f
-
SHA1
18b6b387168aa7c9c17d259db7d0751909b0dfcf
-
SHA256
b3379595159f56896234e2661a836454a7beb49ecda4bf6a4a9c84be3c4025e1
-
SHA512
dd349c97039c4e016506929c101092d538fc038aa3b60d33f91c098d561b6fdbc254b0f25edc2195eb56832de6309a0ac6b871321199fe6f0b7d99eb019ec16a
-
SSDEEP
384:ppphBBjxjn/Has1l4d/9kUWnZo3ZRWICaaQPrTVnN3u8Wnk:ppphBBjxjfaVd/9kVsiICqC3nk
Static task
static1
Behavioral task
behavioral1
Sample
006490081032.INV.PRG.CHO.005.20220912.233736.20220913.003804.35134.js
Resource
win7-20220812-en
Malware Config
Extracted
vjw0rm
http://ms15clones.ddns.net:2022
Targets
-
-
Target
006490081032.INV.PRG.CHO.005.20220912.233736.20220913.003804.35134.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-