General
-
Target
f489e06eaad676b122dad2174b307347
-
Size
63KB
-
Sample
220621-rvm6bagdh2
-
MD5
f489e06eaad676b122dad2174b307347
-
SHA1
658142f34295a5dcf5019d2e9cbe741d38299b85
-
SHA256
50faf602949879354d2053ed113c6bf8a41445fbc064c43950ea3f900958272e
-
SHA512
6deaff617dbf242ebec2bb20f7f33d60617511d7aed499635b34f184b181807421655e77f2a66ac37665dea87282960932fb94a7484452e4455099a92563cb10
Malware Config
Targets
-
-
Target
PO00921778.js
-
Size
102KB
-
MD5
0c202ad80846938dac13198b15f13e5e
-
SHA1
b50ac1c8e51a23ff90934841874e3f3b9ec0d9f5
-
SHA256
165e72eeb78cbe4e36f321fe478c5f24e1e9905e8b8f5587261c2d564e676857
-
SHA512
aae8334e7ea0ba84590a72f9315b1d4feb3f00c23af420e03fc7fdbd632cfd63ae4d6ee3c0039897f2579f32558066b4518a75f82cc4063d03e2b45402f14379
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-