General
-
Target
Statement-Invoice.js
-
Size
10KB
-
Sample
220708-1bgc4ahfal
-
MD5
c94c70544e1792362319f444ff1969ba
-
SHA1
0b8712b610744c9bf0cb469662f7823ed71e84b9
-
SHA256
9296cb6b37e1aa570675bcc07519b5887d20ec6617efa84d900286a8a829c994
-
SHA512
001eb00bf2851c8cda1bbf2ccb9a7d624378896d6a8cce02e99af4e0c7c2751d2cbc496c3c98d0f0535d1c0413e06c5a72b542f7d4b5e2f2c78b4ac5b04a1512
Static task
static1
Behavioral task
behavioral1
Sample
Statement-Invoice.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Statement-Invoice.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://hwprocessing.duckdns.org:9933
Targets
Target
Statement-Invoice.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-