General
Target: Orders Docs.js
Size: 164KB
Sample: 220622-se6s6acaf7
MD5: 18b9c0bc1c0ee305564334c961f1f17c
SHA1: 09ce3403cbb2b5f489529e96997ccffa4db044b1
SHA256: 9cafe3e7e089f96852a245f8d24f2c4bc67888e381a3d15607859cdbb7b62897
SHA512: f8a7f77a8912eb17bccd619b711f981875e219db3acdd126d129ad82fe31f6528bac6e034e064094ad526fb7d81e7c7cf0546e52c84f7620a17fc47042e06eed
Static task: static1
Behavioral task: behavioral1
Sample: Orders Docs.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Orders Docs.js
Resource: win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://45.138.16.233:1985
Targets
Target: Orders Docs.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application