General
-
Target
receipt.js
-
Size
66KB
-
Sample
220311-v8ww6adfaq
-
MD5
97dca8a40e40a71719b53c1f2d1aa1ef
-
SHA1
1527242f0615a962d4987aa4a5f3f3c356579196
-
SHA256
3be7dd44f3dd4e96f34da6bfec722fdeb5f1c7220bc11bb709825a07e6294c6e
-
SHA512
9fd75526f17448b01f45f60842bfb060a797507adad20b0d2f5dd162e1a6a37949a43b89fdbddedf91c2db9f8c3e9f2dfe08dd35971bedc7e26fd05dfbdf3f6e
Static task
static1
Behavioral task
behavioral1
Sample
receipt.js
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
receipt.js
Resource
win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9998
Targets
-
Target
receipt.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-