General
Target: temp.js
Size: 6KB
Sample: 230223-tj4p2agd77
MD5: 71838ec02373c35bc9217ab58cd6b6a1
SHA1: 68ed796c91ff5d04da869c6b6dd0e0bfda0a769c
SHA256: 1939367b5a1548e8af432cdbf026980006ddf37325482602303ddfaf27690b31
SHA512: f36709240f111bf08ef43208899cd4b451fc951525543e125294ae17b77e3d15fd363669d0a2cab73f696f2a1de1e8f89ee105546ca4cbde402d445d2348ce5d
SSDEEP: 192:MZVhB3qeNJ82T2ZvfLaTRDLiUFOvewELaZL+URZn7iixK23WR8IKrzv:2VHa+JafGRDGUFOvewEyL+URl7i9TK7H
Static task: static1
Behavioral task: behavioral1 (Sample: temp.js, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: temp.js, Resource: win10-20230220-en)
Behavioral task: behavioral3 (Sample: temp.js, Resource: win10v2004-20230221-en)
Malware Config
Extracted
vjw0rm
http://js9300.duckdns.org:9300
Targets
Target: temp.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application