General
-
Target
uACNKYayoW_wama.js
-
Size
41KB
-
Sample
221125-h287padg9t
-
MD5
5c8ff125cbe4ed171a5b451ccf76a0e5
-
SHA1
9e4c5cbeeb2ba5fcca9e260f56131289b8e85192
-
SHA256
d7f9500aa960463e10753337efdb37659e0a9923206b284a9bff56981ef2f658
-
SHA512
2235dfc79d56df74d40dd1bd701c39c7333621b72eefded27baa1810db10e4ec77e7f1251ecd6f5f882b39ab95d74cecf0a6ce3d11a2b94c86ee5a25ce5b5cab
-
SSDEEP
768:0U3iWK5RtLHuGFDYZWjQ+I0ZosTO9pFUqcnp7TZVyxCGRu:cpp85DUqcntTZVyxhRu
Static task
static1
Behavioral task
behavioral1
Sample
uACNKYayoW_wama.js
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
uACNKYayoW_wama.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
vjw0rm
http://45.139.105.174:7575
Targets
-
-
Target
uACNKYayoW_wama.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-