From reddit.com
File examined: Codejack.exe
md5 hash: 3932f812b26f3bff1d20070c58468f2e
File type: EXE
File size: 412 KB
Description: [No description]
Here is a pdf copy of this document: https://www.dropbox.com/s/3a0slxf0qtec752/Codejack_analysis_paper.pdf?dl=0
PURPOSE OF EXAMINATION
Determine the behavior of the malware
SUMMARY
- VirusTotal reports 57/71 detections for malware.
- Disk and Registry Alert reported that codejack.exe was deleted from the system after execution.
- Process Monitor revealed additional processes being spawned from codejack.exe, one being a VBS script called install.vbs.
- Wireshark revealed communication with capriteam.ddns.net over TCP port 1010.