General
-
Target
receipt.js
-
Size
139KB
-
Sample
220621-k3bnxscfcl
-
MD5
553ae64ec92c74a02701ca3881915b7b
-
SHA1
a6c4676312e2bb96226fbcddbed738b30d15ec1c
-
SHA256
5f8233b2a9235541fd9e1b526c546c911dd69e9ee5e917c2540e2123748a6eba
-
SHA512
0a39079d2a4a2a03356396da5339cce8d8754261437ca74212aa71a19ab6726701404462c82c02914ddb5e7c957871b434a647b592d3266415c4eb906ea687a7
Static task
static1
Behavioral task
behavioral1
Sample
receipt.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
receipt.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9003
Targets
-
Target
receipt.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-