General
-
Target
Purchase Order.vbs
-
Size
5KB
-
Sample
220622-vknwmshghl
-
MD5
1679b30714601c805ca6c79ffc52013d
-
SHA1
f450951426f056cc66ce7232a1ea12cbd4f5acd5
-
SHA256
4144993550833321f6031796034f3afe5fecbcc61fc61bfab403fefba4e6dccc
-
SHA512
c78233a43e091342bae5e3344e85f2ab21e1e249095b589ccade5e559fd6630ea71ac9319fe5c455d82a568a47a9c54db71da28dfb93df8556c66b8b2db83923
Malware Config
Extracted
vjw0rm
http://rick63.publicvm.com:1849
Targets
-
-
Target
Purchase Order.vbs
-
Size
5KB
-
MD5
1679b30714601c805ca6c79ffc52013d
-
SHA1
f450951426f056cc66ce7232a1ea12cbd4f5acd5
-
SHA256
4144993550833321f6031796034f3afe5fecbcc61fc61bfab403fefba4e6dccc
-
SHA512
c78233a43e091342bae5e3344e85f2ab21e1e249095b589ccade5e559fd6630ea71ac9319fe5c455d82a568a47a9c54db71da28dfb93df8556c66b8b2db83923
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-