General
-
Target
receipt-ups.js
-
Size
20KB
-
Sample
220914-hh3kssdbgp
-
MD5
90878808fd81b0efad5d81eba547bd71
-
SHA1
c6aa497f840342726077e9236897500fa61f479d
-
SHA256
e02d3ad30b7532cf8a6958fb4eda93ba7d1b7f199df58374f5ccc90bb4f7e6b8
-
SHA512
73056fac39b2ad261002358c9952fe052e2b8bfdc535443f66519b3b80aa6cc2ccb77b10f17cffb0bfb7f84c5b6114c0d2d379c763ee1020880ea8e9083f29b4
-
SSDEEP
384:ppph5Bjxjn/Has3HadHsUQnzi73MOu4uWDTu4t/38zREKdyak:ppph5BjxjfandHs3bOuYtSREKdNk
Static task
static1
Behavioral task
behavioral1
Sample
receipt-ups.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
receipt-ups.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
vjw0rm
http://zeegod.duckdns.org:9004
Targets
-
-
Target
receipt-ups.js
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-