General
-
Target
V00GH_Invoice_Copy.js
-
Size
12KB
-
Sample
210913-z4gc5aede9
-
MD5
963a5d04111cb709a313fe13796ace0f
-
SHA1
89908f327f50fc02be086eb402da0f0abc2a70d5
-
SHA256
c44969e8e20e817015e79c4e46740499f9ee5293c98c8b94109cd34a8cf523a3
-
SHA512
4ea626887e8e574bb1f71139d79a7d989442f09c4c0c52d25c4ed147fd032cfd738370f98692f8ba318d792f0b9354ffce34625338dad8b540030306db4f0179
Static task
static1
Behavioral task
behavioral1
Sample
V00GH_Invoice_Copy.js
Resource
win7-en
Behavioral task
behavioral2
Sample
V00GH_Invoice_Copy.js
Resource
win10v20210408
Malware Config
Targets
-
-
Target
V00GH_Invoice_Copy.js
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-