General
Target: T817630494847_Payment_receipt_Pdf.js
Size: 2.0MB
Sample: 230223-lhds8ahc4t
MD5: f8a9117d4c4217fd4cbab1da6d3359b6
SHA1: f3ea387aeaf9e587d135d797e0468904328c291a
SHA256: db99c6255bfd1d06c6a103e4602715c069039c140389d33d2909912e1b58158d
SHA512: 232eb1d882feac675994d192436254521b42a2b1d2ae32f6c5cd8618ae29d619a26ad9672f6644a62abfd484a1b0e76f69003d40f79a14cc200be4b124d0bea6
SSDEEP: 192:aZVhB3qe3Ju2l2ZUCz1ZNWDl01tHY8T0:cVHaLRZcmXpg
Static task: static1
Behavioral task: behavioral1
Sample: T817630494847_Payment_receipt_Pdf.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: T817630494847_Payment_receipt_Pdf.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
vjw0rm
http://js9300.duckdns.org:9300
Targets
Target: T817630494847_Payment_receipt_Pdf.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application