General

  • Target: Payment Invoice #81043714.js
  • Size: 50KB
  • Sample: 221205-k1m9yahe9t
  • MD5: 420e4b61bb014da713db2add36773df6
  • SHA1: 725cf6c6a5ba19491503d418c09afbc2630b8121
  • SHA256: aeedca1560f20e90dc61392f917ec34ee6248dcde0107f986f18e3f5e65b3698
  • SHA512: 8c6ee0e8825e6c9038baaf6594d16f4e1af8a962ac50689c5a44f6d5469270c821b412613d937dd87f757fcac364264cbf91a2e3076878e6f4e1f6b87f96641c
  • SSDEEP: 1536:0ApR1ygtHzqLH5Nk9hSrHAbsHrTzxABUizbd2M0SaacD:02HJHWLH5S9qHEsHvSCa0pacD

Malware Config

Extracted

  • Family: wshrat
  • C2: http://185.246.220.208:5358

Targets

    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.
    • WSHRAT: WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Adds Run key to start application
