General
Target: eReceipt.js
Size: 16KB
Sample: 220627-n8k2bscgg4
MD5: 3fd454ead642e09fa893849cf84d9767
SHA1: b7f978d5ec9afd2c81b6e77cb609ef107c63d558
SHA256: f96db19d19432e5984547e6c4e006ec86e6842f752ebaee0cd526a4aa1de5900
SHA512: 771746dbb800659e7bec55594a67229940048865204767d37fd48cafabf2c50743cd11559bd1d7d0bb7911b2fa453deaafd98e4aca97acfceb12430574a4d9c6
Static task: static1
Behavioral task: behavioral1
  Sample: eReceipt.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: eReceipt.js
  Resource: win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9004
Targets
Target: eReceipt.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application