General
-
Target
invoice56373838373.js
-
Size
5KB
-
Sample
220929-eqnvtshgb3
-
MD5
8a941c71c17b535d80120149db8b522a
-
SHA1
f90e1d61ab7deeeeaf63b814cc60090fa406d503
-
SHA256
e7d15b4546c61001f0709ebfa4068c45ee5acce06a0ac60c040e46c97b805aa7
-
SHA512
b631c14f037c0b8cd331780273d6a2761a1ee3d5da8d193d64fd75d4edaebde9e68b30550e3142d41e77aff89f259a3fdf0ae185de33aa2999860e8c315bec1d
-
SSDEEP
96:SABNo5D/k2c24ZRMHXE6/BI0u+Ys+fJR9kDdQqR7bJyKhB/OS4Uu/ingHXRZfzYF:zSo2c24ZRMlBI6Ys+fJR96fRfqJingHW
Static task
static1
Behavioral task
behavioral1
Sample
invoice56373838373.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
invoice56373838373.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
vjw0rm
http://zlat.duckdns.org:7974
Targets
-
-
Target
invoice56373838373.js
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-