General
-
Target
Open Invoices20220919.js
-
Size
15KB
-
Sample
220921-cszzrsadcr
-
MD5
a4b325700f220d567a162da58d4caaea
-
SHA1
38e6ab4d7c9496336b0d05db64bc1d04aa8772d0
-
SHA256
acd2a7accac4547cdb44f41cddea4bdf65b63469cffa10dcbdea9d6d3e83c6ee
-
SHA512
9dfd486b4a5fc50531601c115a9636cb892da21ccfed9619c043eb9c5069c4e298519c4f950644a8f99303cdda7c6d960ff0d289625d73271c093f888ecee181
-
SSDEEP
192:FPv7CWP433c4+jRYNlgXoLYueZ58NkveY1LwHGkiXJzFQkkLeDkvuXM8V5ihXfI9:lLElgXWeZn1LwHYQIDkv19fI4hFlqMy
Static task
static1
Behavioral task
behavioral1
Sample
Open Invoices20220919.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Open Invoices20220919.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
vjw0rm
http://alukoren.duckdns.org:9144
Targets
-
-
Target
Open Invoices20220919.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-