General
-
Target
Receipt.js
-
Size
29KB
-
Sample
220615-w26y8aafgj
-
MD5
62184bdd8fe81740c12494d0a2399233
-
SHA1
8bff579b18962cd8d1bb1781b6865a8950426036
-
SHA256
620e4c1c31e80f2ada1bf0b815920db400c936a456dbf926afbde3e64fbe5721
-
SHA512
f2c683a10269015baa6082226d295130fe8af9c781d1655a6c37dabfa44971bd0b0b650273a22f16eca3e3d582a1f68d46479d9306edf686c851fe2c476a3678
Static task
static1
Behavioral task
behavioral1
Sample
Receipt.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Receipt.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9003
Targets
-
-
Target
Receipt.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-