General
-
Target
06aa113b75c9ddc108ff63d9037edade50e289f1130418a952f785653ef5255f.zip
-
Size
20KB
-
Sample
221122-sbzknsga77
-
MD5
760a5b4d90f9cec6cff9bfe524c01d9c
-
SHA1
6ccfc192eeeeb09bfd3019209ebce95aa650154f
-
SHA256
1f5c664535360790c1fa661ddce849e684115b90381ba3a30d682cbf156f04b5
-
SHA512
ee2b88bc5ea66ef7c2d381bde2ba2ac0dbc0f5ac6099a5ca7eaa89e7a473c14f0777b42cc86d3cc0a772804ceccacdc39429c0693303cd743881b05dcffb4a2f
-
SSDEEP
384:JLckERjRP13+oX5ZqyWLj3t/vH9pXSZnyzCy2+zYAVPO6LbYzYqso9dBMuG8Q:+HRjbn/LIj93H9piZGCy3t2dsCA3x
Static task
static1
Behavioral task
behavioral1
Sample
06aa113b75c9ddc108ff63d9037edade50e289f1130418a952f785653ef5255f.js
Resource
win10v2004-20221111-en
Malware Config
Extracted
wshrat
http://vipdata2.ddns.net:21234
Targets
-
Target
06aa113b75c9ddc108ff63d9037edade50e289f1130418a952f785653ef5255f.js
-
Size
55KB
-
MD5
cd2d5a502d440723de4924354e1b8641
-
SHA1
de0648c4f80577e5721e21c840790f1e9aec797c
-
SHA256
06aa113b75c9ddc108ff63d9037edade50e289f1130418a952f785653ef5255f
-
SHA512
728fcb366be08fde12b91f77667871b9770ebb5fb0450611f401c852d7bfbe9fa5e3a3a57c7c756e5d375033c49be84ca42fc2e6dd4d624acf230515ecf5db71
-
SSDEEP
768:kbVlwQU89qOfShvRI8r3mRDCrn+KC6PvLczmfl5tO7OKXycUU8OiS6:CVxU85S/I8rWen+K7L7fU7licUU8Ou
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-