General
Target: eVoucher.js
Size: 20KB
Sample: 220224-jvej6scch3
MD5: b2be3dbbf5e20713b203a95b9dca8ee6
SHA1: fa11acd273295bbfaf6db67acb1cc7fd0934d825
SHA256: f2a1e7f1d81a1500da4245641082c12649e4bb8136d7883c2f211ba327ffcac2
SHA512: b03a23d4020904b4b72005c9513e2f77a4f4925754532e3b417d26e85deb68460f8671b49180527a9f719afecd6ebaabfb17ccaa6552ee75bc5d545b5d0788dc
Static task: static1
Behavioral task: behavioral1
Sample: eVoucher.js
Resource: win7-20220223-en
Behavioral task: behavioral2
Sample: eVoucher.js
Resource: win10v2004-en-20220112
Malware Config
Extracted
vjw0rm
http://warrr.duckdns.org:9997
Targets
Target: eVoucher.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application