General
Target
Order Receipt UPS1605-192-DD-22.js
Size
20KB
Sample
220222-jlzhzsecc3
MD5
8d2786e0a6c850c170c679a54e0d5f20
SHA1
0fd46e20522fd76ea36953c971fe93c8b03f7a23
SHA256
56996c6145346114bcefd9028fa95a8232d1ce0e380e216a06975d7cad14c649
SHA512
10370279326a30c41dc49f58884734ee3c56d7c99441f123bb42bb0949d0b966b73ec18ddc7aba71b62b2bb5428bb2ddb4e645c05fb2350d0b2cae738a90d2ec
Static task
static1
Behavioral task
behavioral1
Sample
Order Receipt UPS1605-192-DD-22.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Order Receipt UPS1605-192-DD-22.js
Resource
win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://shizzlegateway.duckdns.org:1605
Targets
Target
Order Receipt UPS1605-192-DD-22.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-