General
-
Target
RTK009ESQW.iso
-
Size
136KB
-
Sample
220207-vcan2sefcr
-
MD5
b3654c817e609df902a32dd0ff923f82
-
SHA1
9dd6a609f9564b9b7b1dbbf02c395cdbed63ce1a
-
SHA256
498156166a19ca4a2f60475444a7dba94441f4a3839e9e98d0e7d9aa970fc7fa
-
SHA512
d412900ebf2daaf810a9361bc021691c8714e64e929d95d358fbec0b0864c8676f7e183ad64a7d1cd39f776e610b2dd76a6bdceb112561e4ab8bfa9936b53efa
Malware Config
Targets
-
-
Target
RTK009ENF.js
-
Size
61KB
-
MD5
4aeac345ff0d52f7ea2e9a9b9de73cb4
-
SHA1
cb3c9866359b2db03f80f9715cc84a3d9e743f12
-
SHA256
16ee8787395039445c472df4c45834ac3e6299f753764dbe27b9bc031e383a9b
-
SHA512
266a5a3ac9c6c88325f5234ad16918db5b936aeeffed41d003d340a3c24b05974fb78bb7575f00bff50b6d01da2a0b57d548d4bd51b8691540d982249c7bd6c9
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
YRGH009QA.js
-
Size
13KB
-
MD5
7e4052c4ef66b69ea6567cf9511cddcd
-
SHA1
4d3b046443bbba80244121c7ff44b3c4425292d3
-
SHA256
c91b33406d00fdedeebd6ce809a612df96b5cea7835c2c13061498c6960d76e3
-
SHA512
2b0ee57fdd1f77cb54f657fbea8637f040bba3728916f7e376e9f465ecca70e52dc9296c185908b9a37760812f85962b323bfcc7acdb74563cb45b089e8c0f19
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-