General
-
Target
receipt#.js
-
Size
43KB
-
Sample
220629-jtbf5ahef8
-
MD5
c2fccb1379ea9c93fa035c236c0d0627
-
SHA1
4fb24cde2f2879dfc0ca43ca2c2e42af8efcf7da
-
SHA256
27026383c0fbcc79e6eacfb629b41261afac694e69fa67749ab2d0d1a6493d2b
-
SHA512
dc0963d8a2fe131eccc800ea5a88cbd85aa6473c6080544cebde819e6cb8ad8e99387f604c2e2d9cb6bea086a01705e3230ce5cb09878dff0840cf3b766e0ee2
Static task
static1
Behavioral task
behavioral1
Sample
receipt#.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
receipt#.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9004
http://paypalintelsassistant.duia.ro:8153
Targets
-
-
Target
receipt#.js
Score
10/10
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-