General
-
Target
67ac71e7cfaec7690ba3a3e7667d42a9.js.vir
-
Size
50KB
-
Sample
221206-gat31sce6w
-
MD5
333ea6ce446885c142d1db4c763694d1
-
SHA1
ee9c25b733b5034c5efc823ae0ca91698ef6215b
-
SHA256
3829ef9c4f029cc1b094b8b8c83df4a41a438f80194f11e17ffcd57f4e4a0ddd
-
SHA512
a59a27bb3b6ad37850fad12eb3843094168900a95d076905a2af58eb91dbe01a785c9b56c07852f703f1eb56287bb9f203ebff9c444aaffbbe4b9cbb3a1b4db5
-
SSDEEP
1536:0AFRWvBtHzqLH5/1ch9djoUbWHuehWcflUYskOE:0ycLHWLH5tcFjoQWHuG5hse
Static task
static1
Behavioral task
behavioral1
Sample
67ac71e7cfaec7690ba3a3e7667d42a9.js
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
67ac71e7cfaec7690ba3a3e7667d42a9.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
wshrat
http://45.139.105.174:1604
Targets
-
-
Target
67ac71e7cfaec7690ba3a3e7667d42a9.js.vir
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-