General
Target: eReceipt.js
Size: 578KB
Sample: 220314-sngkmahae3
MD5: d64b0399563a39517dbdc2a7b07ebccc
SHA1: bf6b80063cdb8204a491c149ac17a142dcdec2b0
SHA256: bd589d7e0de188679d2688c2e1f4d43f13ae2239be9603453170daa1b8484951
SHA512: 36a7a3d56180c7fd883b4c14acfee40c43fd7b962a92c6b837c9d09958f34f16001ce99e4132a886c370beb1ad89d6478625f7b519474dac739ce6463b74b585
Static task: static1
Behavioral task: behavioral1
  Sample: eReceipt.js
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: eReceipt.js
  Resource: win10v2004-20220310-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9001
http://kathyaboth.duia.ro:6534
Targets
Target: eReceipt.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application