General
Target
Invoice.js
Size
29KB
Sample
220616-dtldfacdc9
MD5
b52ee9fc1494a1c1df13f015fa582808
SHA1
d4cb49d300c4caf339e6db3d9e977800799f8b25
SHA256
fd7d8b358ce1f40005f46b6e297b224c35f26d9a267d91c263b25472461feafd
SHA512
882bb1cd72b505055748776800f5aa0b2aade2e01e98e5e3ce5756c8d00e9ae29fa766638207da356384fe6a3a19034e8ec3e80355358f6293d0b3c2dd8a4dff
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Invoice.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://104.168.7.110:7974
Targets
Target
Invoice.js
Score
10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application