General
-
Target
PO docs.js
-
Size
167KB
-
Sample
220621-kw669aege5
-
MD5
ce75410067a95c5ceccf08f7487cf247
-
SHA1
e38edaf16c0b2e994fc65e5228912428c6fdffa3
-
SHA256
f356566e43a72607bcb73734f5c3dd4b03117f42a03e0534b327e2fb4b3d7132
-
SHA512
719977b1962ea8799e3cdb1b933efa6547dcc1a215ec97a544f522e903e6904df2e688463799dbf70ae89fb9a6ee485ab09b40fed342824c530513f34000b95c
Malware Config
Extracted
vjw0rm
http://45.138.16.233:1985
Targets
-
-
Target
PO docs.js
-
Size
167KB
-
MD5
ce75410067a95c5ceccf08f7487cf247
-
SHA1
e38edaf16c0b2e994fc65e5228912428c6fdffa3
-
SHA256
f356566e43a72607bcb73734f5c3dd4b03117f42a03e0534b327e2fb4b3d7132
-
SHA512
719977b1962ea8799e3cdb1b933efa6547dcc1a215ec97a544f522e903e6904df2e688463799dbf70ae89fb9a6ee485ab09b40fed342824c530513f34000b95c
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-