Sample File: MD5 hash: 70e863fb5753b95b4bb7d8c746ae4b94 SHA1 hash: 40bdba0699a9e2b003f929717c14b5b3966ff9f4 SHA256 hash: 49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322 SSDEEP hash: 12288:GhDP5VS0Hnj+ERfJwHIxqhynh99RkJM8234v8wPilfsjsStp:GhvVHnjtRfJwHI3n8M8BRPiTStp Filename(s): brjujs.exe Filetype: Windows Exe (x86-32) Mutex IOCs: 1668818982 Registry Key IOCs: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox HKEY_CURRENT_USER\Software\Valve\Steam HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Domain IOCs: raw.githubusercontent.com u667503srd.ha004.t.justns.ru IP IOCs: 151.101.12.133 185.22.155.62 URL IOCs: raw.githubusercontent.com/fkarelli/fjrusbftnf/master/nyun.txt u667503srd.ha004.t.justns.ru/collect.php File IOCs: Filenames: C:\\Users\Public\AppData\Local\NordVPN C:\\Users\Default User\AppData\Roaming C:\\Users\Default User\AppData\Roaming\Psi+\profiles C:\\Users\Default User\AppData\Local\Application Data C:\\Users\Default.migrated\AppData\Local C:\\Users\Default\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\FD1HVy\AppData\Roaming\Psi\profiles C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB C:\\Users\FD1HVy\AppData\Roaming\discord\Local Storage\leveldb\ C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\QJOBQLWYTL.ILQHNQOSO C:\\Users\Default\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\Default User\Desktop C:\\Users\Public\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users C:\\Users\Default\AppData\Local\Temporary Internet Files C:\\Users\FD1HVy\AppData\Roaming\Psi+\profiles C:\\Users\FD1HVy\AppData\Roaming\.purple\accounts.xml C:\\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\All Users C:\\Users\Default User\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\Public\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\All Users\Desktop C:\\Users\FD1HVy\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\Default.migrated\AppData\Roaming\Psi\profiles C:\\Users\All Users\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users\Default.migrated\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\\Users\Default.migrated\AppData\Roaming\Psi+\profiles C:\\Users\All Users\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\All Users\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\Default.migrated\AppData\Local\NordVPN C:\\Users\All Users\AppData\Roaming\Psi\profiles C:\\Users\All Users\AppData\Local C:\\Users\Default\AppData\Roaming\Psi+\profiles C:\\Users\Default.migrated\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\All Users\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\Default.migrated\AppData\Roaming C:\\Users\All Users\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\FD1HVy\AppData\Local\History C:\\Users\FD1HVy\Desktop C:\\Users\FD1HVy\AppData\Local C:\\Users\Default User\AppData\Local C:\\Users\Public\AppData\Roaming\.purple\accounts.xml C:\\Users\Default\AppData\Roaming\Psi\profiles C:\\Users\All Users\AppData\Roaming\Psi+\profiles C:\\Users\FD1HVy\AppData\Local\Google C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State C:\\Users\Default User\AppData\Local\History C:\\Users\Default User\AppData\Local\NordVPN C:\\Users\Default\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\Public\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\FD1HVy\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\\Users\Default\AppData\Local\Application Data C:\\Users\FD1HVy\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\All Users\AppData\Roaming\.purple\accounts.xml C:\\Users\Public\AppData\Roaming\Psi+\profiles C:\\Users\Public\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\Default.migrated\AppData\Roaming\.purple\accounts.xml C:\\Users\Default.migrated\AppData\Roaming\FileZilla\recentservers.xml C:\\Users\Default.migrated\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\FD1HVy\AppData\Local\Adobe C:\\Users\All Users\AppData\Local\NordVPN C:\\Users\FD1HVy\AppData\Local\Application Data C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\Default.migrated\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\Default User\AppData\Roaming\Psi\profiles C:\\Users\Default User\AppData\Local\Temporary Internet Files C:\\Users\Public\AppData\Roaming\Psi\profiles C:\\Users\Default.migrated\Desktop C:\\Users\Default\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\Public\AppData\Local C:\\Users\Public\Desktop C:\\Users\Default\AppData\Roaming\.purple\accounts.xml C:\\Users\Default User\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT C:\\Users\FD1HVy\AppData\Local\NordVPN C:\\Users\Default User\AppData\Roaming\.purple\accounts.xml C:\\Users\Public\AppData\Roaming C:\\Users\Default\AppData\Local\History C:\\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\FDXRKMCXDCERKKCEPNR.LEFQGPDVSXGCCHGB C:\\Users\Default\AppData\Roaming C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\HVLCQIFFXYICOYNLCLWE.QLKM C:\\Users\Default\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users\Default User\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\Public\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\Default User\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\Default.migrated\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\Default User\AppData\Roaming\FileZilla\recentservers.xml C:\Users\FD1HVy\Desktop\brjujs.exe C:\\Users\Default\AppData\Local\NordVPN C:\\Users\Default.migrated\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\\Users\Default User\AppData\Roaming\discord\Local Storage\leveldb\ C:\\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\Default User\Documents\GTA San Andreas User Files\SAMP\chatlog.txt C:\Windows\System32\VBoxService.exe C:\\Users\Default\AppData\Local C:\\Users\Public\AppData\Roaming\Authy Desktop\Local Storage\leveldb C:\\Users\All Users\AppData\Roaming\Mozilla\Firefox\Profiles C:\\Users\Default User C:\\Users\Default\Desktop C:\\Users\All Users\AppData\Roaming C:\\Users\FD1HVy\AppData\Roaming C:\\Users\FD1HVy\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT System Paging File C:\\Users\Default\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\Public\AppData\Roaming\FileZilla\sitemanager.xml C:\\Users\All Users\Documents\GTA San Andreas User Files\SAMP\USERDATA.DAT MD5 hashes: 5437864c133f53e6a43fc8678fee8ca9 1dd799e5708804141a3dc7c6b8621b86 164f4ab18544aae9d15a13d4515bd3dc 93e4a0712968ab755fcb8a66cdff93e3 70e863fb5753b95b4bb7d8c746ae4b94 5c2161fc7b16d12b45b3e53d56fad16a e3a002935a782f75c8ac7f3f0505d7f2 SHA1 hashes: 78c8d3bdd34ba554fd077b0a126f01c6e877b1ae 5ec603207a726efa249b6ef575b2d03c64e928fd 40bdba0699a9e2b003f929717c14b5b3966ff9f4 06a317f3d6519cf226db3ab029a212293d318a1b 87bef9d8ec1ad27362e34be67f86ca0b3eeb61c2 7d234268100650ff969ab1dff1948c67a3b2ec14 383ed41171772885ecedac3639de19c6d4024b57 SHA256 hashes: 4cac997374b781b3101a614cadca764258bedf4d4cd8b53d9f7a2903d25ebdc4 912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7 00ff55fac095c1f8ed1625774ae2864566ac991c3fba4f95558bfa9a3235b7e7 037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748 49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322 cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129 SSDEEP hashes: 24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc 6:q39NqxtgLGT+QcpSrQMnIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx3Ke95E5:U+x8GvTlngBUiBns0dcz2Hz3fa 24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW 96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D 48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc 24576:4iAximO5c3G0Qgs2MhCEklju5ekO2hgJNUwXdj2D1Y:vAJOOPQgLGCkhWNUwN2D1Y 12288:GhDP5VS0Hnj+ERfJwHIxqhynh99RkJM8234v8wPilfsjsStp:GhvVHnjtRfJwHI3n8M8BRPiTStp