General
-
Target
RTG5054OMP.js
-
Size
56KB
-
Sample
220202-kep7eahecr
-
MD5
cf8e2c21b3c001472a58a70a032ccc1f
-
SHA1
62bcf392c39173a92f1f9ead8138983585151a3e
-
SHA256
43e1d402831c24045b8ee61b59defaa7ab32bd61a3e74d39f5d0cbf88e639b11
-
SHA512
6059bb9f5e64389aaff2e34960a6b86f7246b6b52b1e696b0adf1e30aebc3536653b45a389101cb4b2780f731abb974c3c6323a39c3839adcfbdf57ebbbc67e1
Malware Config
Targets
-
-
Target
RTG5054OMP.js
-
Size
56KB
-
MD5
cf8e2c21b3c001472a58a70a032ccc1f
-
SHA1
62bcf392c39173a92f1f9ead8138983585151a3e
-
SHA256
43e1d402831c24045b8ee61b59defaa7ab32bd61a3e74d39f5d0cbf88e639b11
-
SHA512
6059bb9f5e64389aaff2e34960a6b86f7246b6b52b1e696b0adf1e30aebc3536653b45a389101cb4b2780f731abb974c3c6323a39c3839adcfbdf57ebbbc67e1
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-