Extracted

• • Target

    KBH-2092649118.js

  • Size

    409KB

  • MD5

    b981d918dc8628b9c0a657f5e62c595f

  • SHA1

    e4c9f272e99b20201a440cf267d5645180531fd9

  • SHA256

    fd04d5a8a5e86c1666282015aa9496bc94da38c7a057745754afe6e4da2aef33

  • SHA512

    7869703c1a53ece58ecdce67d15b9af9e02a7cbb4cf6563c873c7635344a964144e59820247bb625da6c18ad8563812e186a0e3cb50d515a834fd17fbeec47eb

  Score

  10^/10

  vjw0rmxloaderpzi0loaderpersistenceratsuricatatrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata

  • Xloader Payload

    rat

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2