General
Target: order_receipt.js
Size: 11KB
Sample: 220319-ve7rkaebdj
MD5: 69f29cd9961eea44bdf9ac54d34dc1c4
SHA1: 8b603318d383c298e6613fda82f15fa88cc25fa8
SHA256: 14516968b1e01bd308c319bde2d4cdba32bf37f07d9e5f003ebc5b1bb1059d71
SHA512: ed7b5708c0be99b93225e47ded369195ccef8ee8da4a8b7d775ed195be6a4d5f2c6385ef2f625bb3230e4a9369c339261a22d8799fdf55bced1c78bfe9b54d50
Static task: static1
Behavioral task: behavioral1 (sample order_receipt.js, resource win7-20220311-en)
Behavioral task: behavioral2 (sample order_receipt.js, resource win10v2004-20220310-en)
Malware Config
Extracted family: vjw0rm
C2: http://zeegod.duckdns.org:9001
Targets
Target: order_receipt.js
Size: 11KB
MD5: 69f29cd9961eea44bdf9ac54d34dc1c4
SHA1: 8b603318d383c298e6613fda82f15fa88cc25fa8
SHA256: 14516968b1e01bd308c319bde2d4cdba32bf37f07d9e5f003ebc5b1bb1059d71
SHA512: ed7b5708c0be99b93225e47ded369195ccef8ee8da4a8b7d775ed195be6a4d5f2c6385ef2f625bb3230e4a9369c339261a22d8799fdf55bced1c78bfe9b54d50
Score: 10/10
Signatures
- Blocklisted process makes network request
  A process the sandbox treats as a script host or LOLBin (for a .js sample this is normally wscript.exe or cscript.exe) opened an outbound connection.
- Executes dropped EXE
  A file written during the run was later started as a process.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence that decides whether the payload runs.
- Drops startup file
  Writes a file into the user's Startup folder, so it runs at the next logon.
- Adds Run key to start application
  Registers the sample under a CurrentVersion\Run key, a second persistence mechanism alongside the startup file.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is the hallmark of process hollowing / RunPE style injection; outside a debugger it is rarely legitimate, which is why the sandbox flags it.
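The signatures above are behavioural rules applied to the sandbox trace. The following added example (not part of the report or of the sandbox's own rule set) replays a constructed Sysmon-style event trace through equivalent checks and also matches a file's hashes against the MD5/SHA1/SHA256 listed above. The blocklisted script hosts, the IP-lookup hostnames, the event-dict shape, the PIDs and the dropped-EXE name are assumptions for the example; the C2 host and port come from the extracted vjw0rm config.

```python
import hashlib
import ntpath

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "69f29cd9961eea44bdf9ac54d34dc1c4",
    "sha1": "8b603318d383c298e6613fda82f15fa88cc25fa8",
    "sha256": "14516968b1e01bd308c319bde2d4cdba32bf37f07d9e5f003ebc5b1bb1059d71",
}
C2_HOST, C2_PORT = "zeegod.duckdns.org", 9001

# Assumed tuning for this example, not something the report states:
# script hosts treated as "blocklisted" for outbound traffic, well-known
# external-IP lookup services, and the registry value Windows uses for the
# configured country (the report only says "country code ... in the registry").
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com"}
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"


def file_hashes(data: bytes) -> dict:
    """Hash a file's bytes with the three algorithms needed to match the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three hashes agree with the report, so a single
    mistyped or stale hash cannot produce a false match."""
    return file_hashes(data) == REPORT_HASHES


def triage(events: list) -> list:
    """Replay process/registry/file/network events and return the report
    signatures they trigger, sorted. Event dicts use a simplified
    Sysmon-like shape assumed for this example."""
    hits = set()
    script_pids = {
        e["pid"] for e in events
        if e["type"] == "process"
        and ntpath.basename(e["image"]).lower() in BLOCKLISTED_IMAGES
    }
    dropped = set()  # paths written by a script host, to spot "Executes dropped EXE"
    for e in events:
        kind = e["type"]
        if kind == "file_create" and e["pid"] in script_pids:
            dropped.add(e["path"].lower())
            if "\\start menu\\programs\\startup\\" in e["path"].lower():
                hits.add("Drops startup file")
        elif kind == "process" and e["image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif kind == "registry_set" and "\\currentversion\\run\\" in e["key"].lower():
            hits.add("Adds Run key to start application")
        elif kind == "registry_read" and e["key"].lower() == GEO_KEY.lower():
            hits.add("Checks computer location settings")
        elif kind == "network" and e["pid"] in script_pids:
            hits.add("Blocklisted process makes network request")
            dst = e["dst"].lower()
            if dst in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if (dst, e["port"]) == (C2_HOST, C2_PORT):
                hits.add("Contacts extracted vjw0rm C2")
    return sorted(hits)


# Constructed sample trace approximating what the sandbox runs would log;
# paths, PIDs and the dropped-EXE name are invented for the example.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1234, "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "registry_read", "pid": 1234, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "pid": 1234,
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\order_receipt.js"},
    {"type": "registry_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\order_receipt"},
    {"type": "network", "pid": 1234, "dst": "api.ipify.org", "port": 443},
    {"type": "network", "pid": 1234, "dst": "zeegod.duckdns.org", "port": 9001},
    {"type": "file_create", "pid": 1234, "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"type": "process", "pid": 1300, "image": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS):
        print("[+]", sig)
```

The "Executes dropped EXE" rule keys on a process whose image path was first seen in a file_create by the script host, which is how the sandbox distinguishes a dropped second stage from the sample's own host process; the C2 match is included because a DuckDNS hostname on a non-standard port is the single most actionable indicator on this page.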