General
-
Target
Order receipt #FRI-1605398-SCA.js
-
Size
65KB
-
Sample
220318-xvzf8sdhbr
-
MD5
ff61c1c6da0d2cda1e41e2871eb1160d
-
SHA1
2bd6450b5c6b0bf1404c596e6b97cda3b73bc1bb
-
SHA256
d7ef41fdbc0215ff6a62eaf607d75a8d5eb29cb505b367c5e285de5283c8b324
-
SHA512
03d753802d5a3832b932340e311e1e33a5f5f2ffa4113f0767eca58324a533505a91b39479db10a842d66a1eb88c53db6946581ab033c112447efd88f1da4a69
Static task
static1
Behavioral task
behavioral1
Sample
Order receipt #FRI-1605398-SCA.js
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
Order receipt #FRI-1605398-SCA.js
Resource
win10v2004-en-20220113
Malware Config
Extracted
vjw0rm
http://shizzlenjworm.duckdns.org:1605
Targets
-
-
Target
Order receipt #FRI-1605398-SCA.js
Score
10/10
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-