General
Target: receipt.js
Size: 206KB
Sample: 211227-vfpblschf5
MD5: 84525680ddf135baebc37d41de8f7aed
SHA1: 1d47c735c55fe64fe3e7610123f21ea2c3b70f50
SHA256: ef8517a5435a51ae4912a4ef4e28656435a08383791d4d6052a4a97be38af233
SHA512: 68446b8c4e2a79b87bbbd332fc9b3f9d0fe9185ee0b1066b5f2b5b3d104ba76c96d5a8b84a6f8a6fab2dae400392c411c83abbc321ec23aa0ae5911c7af080c0
Static task: static1
Behavioral task: behavioral1
Sample: receipt.js
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: receipt.js
Resource: win10-en-20211208
Malware Config
Extracted
vjw0rm
http://warrr.duckdns.org:9997
Targets
Target: receipt.js
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application