General
-
Target
ORDEN DE COMPRA______.PDF.js
-
Size
10KB
-
Sample
220831-rvpn5sfeem
-
MD5
c1d48bb06fa38384c73fb96e9d5b8429
-
SHA1
aa0777aa90cdcb8b64bff83bddfe0b00cc42a912
-
SHA256
3651c64ef411003b59b89f2938012c817de679655da815f50b76ecc4b7463d0f
-
SHA512
2f9f07d65fda51fc24f98c5255eb44cb9dba9b56accb01054c62845165680b1d85896dff37321e6f135e4f36fd0720a2e24e240809ac5be1e0e6bf0dd957d4e0
-
SSDEEP
192:LXAvRAB5ikkOAPsHtJ9jnJ8M66PMLmbDnKaHKHRohMuEsQWYPTUhhuAV:LXGki/CHNPMLhzxiMDhPTUhgAV
Static task
static1
Behavioral task
behavioral1
Sample
ORDEN DE COMPRA______.PDF.js
Resource
win7-20220812-en
Malware Config
Extracted
vjw0rm
http://80.76.51.88:4780
Targets
-
Target
ORDEN DE COMPRA______.PDF.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-