General
Target: receipt.js
Size: 19KB
Sample: 220208-bt5qzabfcr
MD5: c12a75906e13948499a20fdbdd20a84f
SHA1: b972af62f4a356f022f2f7c1e82e474d7d0ab177
SHA256: 66555e27267457b1ea719fb4ba3ca9412640b52019926ab2103ab331fab20bfb
SHA512: 6b9b68f5b570a28b144c7580e8b896514e7b08fb164324ef5b7f9c33d43756b750312081f53c3dca9242add8205cef2d681ae08eeb845c12b0e585380cea6efa
Static task: static1
Behavioral task: behavioral1
  Sample: receipt.js
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: receipt.js
  Resource: win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://warrr.duckdns.org:9997
Targets
Target: receipt.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application