General

Target: 1ZXSAOPKH09SA_PAYMENT-COPY.js
Size: 9.0MB
Sample: 230223-lffvsshc3y
MD5: 2e2078339793c66d19efb2c4b642ccb1
SHA1: 714ae2b2c1ac173e5539c95d4594c0d3ed4aa438
SHA256: 15473e094a9ec464cce7a31879bc27eec654a43ea27239bd7f56afa333a59a7c
SHA512: e184bf67a29fcc8b01afb9d225b57fc33e3b3cc905c01f585a5a417b6c106d8f2aeaf3133cd4b2f3c7aa5dec517096356e46f3ee2f05953fdd0c6af63191ac44
SSDEEP: 96:BZH1uy6XIUoN2lcJc9l8SVinV2F2uFInZW6cNxTGji578Gji5rmjiQD0wGji57ty:BZVh7yeSQnV2F2AIZW3NxT78i0w7t
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: 1ZXSAOPKH09SA_PAYMENT-COPY.js
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 1ZXSAOPKH09SA_PAYMENT-COPY.js
Resource: win10v2004-20230220-en
Malware Config

Extracted family: vjw0rm
C2: http://jamnnd.duckdns.org:8024

Note that jamnnd.duckdns.org is a dynamic-DNS hostname, so the address it resolves to can change between runs; block and hunt on the hostname and port (8024, plain HTTP) rather than on a resolved IP.
Targets

Target: 1ZXSAOPKH09SA_PAYMENT-COPY.js
Size: 9.0MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
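As an added example that is not part of this sandbox report, the following Python turns the report's indicators and signature names into checks over endpoint telemetry: it verifies a file against the listed hashes, and classifies process, registry, file and network events into the four behaviours the report flags plus a direct match on the extracted C2. The hashes and C2 URL are copied from the report; the event schema, the script-host list (wscript.exe/cscript.exe), and the Run key, Startup folder and Control Panel\International\Geo\Nation registry paths are assumptions made for illustration, and the telemetry at the bottom is constructed, not captured from the sample.

```python
"""Match endpoint telemetry against the vjw0rm indicators in the report above.

Added example, not code from the sandbox or the report. Hashes and C2 come from
the report; event format, script hosts and registry/file paths are assumptions.
"""
import hashlib
import re
from urllib.parse import urlparse

# Sample digests exactly as listed in the report.
REPORT_HASHES = {
    "md5": "2e2078339793c66d19efb2c4b642ccb1",
    "sha1": "714ae2b2c1ac173e5539c95d4594c0d3ed4aa438",
    "sha256": "15473e094a9ec464cce7a31879bc27eec654a43ea27239bd7f56afa333a59a7c",
}
# C2 as extracted by the sandbox; split so we match host and port, not an IP.
C2_URL = "http://jamnnd.duckdns.org:8024"
_c2 = urlparse(C2_URL)
C2_HOST, C2_PORT = _c2.hostname, _c2.port

# Assumptions (not from the report): script hosts that run .js droppers, and the
# locations behind the persistence and geofence signatures.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".wsf")
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a blob, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def is_report_sample(data: bytes) -> bool:
    """True only when every listed digest matches (a lone MD5 hit is not enough)."""
    return hash_bytes(data) == REPORT_HASHES


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the report signature names that one telemetry event satisfies."""
    hits = []
    kind = event.get("type")
    image = _basename(event.get("image", ""))

    if kind == "network" and image in SCRIPT_HOSTS:
        hits.append("Blocklisted process makes network request")
        if event.get("host", "").lower() == C2_HOST and event.get("port") == C2_PORT:
            hits.append("Contacts vjw0rm C2 from report")
    elif kind == "registry_set" and RUN_KEY_RE.search(event.get("key", "")):
        if _basename(event.get("data", "")).endswith(SCRIPT_EXTS):
            hits.append("Adds Run key to start application")
    elif kind == "registry_query" and GEO_NATION_RE.search(event.get("key", "")):
        hits.append("Checks computer location settings")
    elif kind == "file_create" and STARTUP_DIR_RE.search(event.get("path", "")):
        if _basename(event["path"]).endswith(SCRIPT_EXTS):
            hits.append("Drops startup file")
    return hits


def triage(events: list) -> dict:
    """Aggregate hits over a session as {signature: count}."""
    counts = {}
    for ev in events:
        for sig in classify(ev):
            counts[sig] = counts.get(sig, 0) + 1
    return counts


# Constructed telemetry for one run of the dropper (illustrative, not captured).
SAMPLE_EVENTS = [
    {"type": "registry_query", "image": r"C:\Windows\System32\wscript.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "image": r"C:\Windows\System32\wscript.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ZXSAOPKH09SA_PAYMENT-COPY.js"},
    {"type": "registry_set", "image": r"C:\Windows\System32\wscript.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1ZXSAOPKH09SA_PAYMENT-COPY",
     "data": r"C:\Users\victim\AppData\Roaming\1ZXSAOPKH09SA_PAYMENT-COPY.js"},
    {"type": "network", "image": r"C:\Windows\System32\wscript.exe",
     "host": "jamnnd.duckdns.org", "port": 8024},
    # Benign control: a browser talking to the web is not a script host.
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "host": "example.com", "port": 443},
]

if __name__ == "__main__":
    for sig, n in triage(SAMPLE_EVENTS).items():
        print(f"{n}x {sig}")
```

The hash check requires all three digests to agree so that a repacked variant sharing only a name or size is not mistaken for this sample; the behavioural checks are deliberately keyed on script hosts, since a .js dropper runs inside wscript.exe and never appears as its own process image.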