General
-
Target
eReceipt.js
-
Size
29KB
-
Sample
220709-hgcb8acecn
-
MD5
f073d180f8bf7dae0dfb837e8d78d82a
-
SHA1
b7a8e2e4debde8013a9b89e205fc750c85d525d5
-
SHA256
0a3a6ef611952fbe870b4697a0cb4775a619a4b4599623cf295d6b787d6d43a5
-
SHA512
3b4d0771f4050f6d7bf14679fde2d8c6278fc5b9def9e5472bc4a066fd26d9be994850874184c03791d1065d0e94ad63e2063ff382c82c496fda51a7bec6f4db
Static task
static1
Behavioral task
behavioral1
Sample
eReceipt.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
eReceipt.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9004
Targets
Target
eReceipt.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-