General
-
Target
New-Order.js
-
Size
99KB
-
Sample
220613-g93jfaebgp
-
MD5
8b7ae228ef069f1571c7e190dc5682d2
-
SHA1
4798548a17f3fbf96adcc70ca3a90661917cf80a
-
SHA256
402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf
-
SHA512
da0e6a83925d6acb5fcf00bed76e87518bfd350ac0d65e144e67b72bf4c3089ca966e8b892c2ee56e1ff17a7090ade0c8ca611f1d51dfd03255f39d4296a6b65
Malware Config
Targets
-
-
Target
New-Order.js
-
Size
99KB
-
MD5
8b7ae228ef069f1571c7e190dc5682d2
-
SHA1
4798548a17f3fbf96adcc70ca3a90661917cf80a
-
SHA256
402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf
-
SHA512
da0e6a83925d6acb5fcf00bed76e87518bfd350ac0d65e144e67b72bf4c3089ca966e8b892c2ee56e1ff17a7090ade0c8ca611f1d51dfd03255f39d4296a6b65
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-