General
-
Target
Request For Quotation.js
-
Size
193KB
-
Sample
220809-w93lrsgaf8
-
MD5
bd65cb0ec06dd5d0fa934e765dbf5f1d
-
SHA1
4753dffbe57acbae2356739a890e1a8d93576925
-
SHA256
a3e6b16cda1ed17cb620225764f61cf8bf11fa4c8dc578449039e90f7b2db7ff
-
SHA512
bd8a92df5eeffd8d04cda1ee6f11995d76b3f837542e1230f80f1da4f054fbf3b960f40185578716300a04d37351edcb8c8acbe1a498930bcb640c7924d32a4e
Static task
static1
Behavioral task
behavioral1
Sample
Request For Quotation.js
Resource
win7-20220715-en
Malware Config
Extracted
vjw0rm
http://harold.jetos.com:3609
Targets
Target
Request For Quotation.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-