Extracted

• • Target

    Payment Proof.js

  • Size

    1.0MB

  • MD5

    ffa58d4c1cdaa668c70ac759084a1455

  • SHA1

    b34653f7776c84cfb3800e584728193ee833d36a

  • SHA256

    ccee0d9c31d2d4823313c01a581fc44a63b6745144a36253519782b446efb048

  • SHA512

    400ef6f6b9643d0a89628b22cc0af6704f7227f3e42842757f6f41480b5ce74a1c0b3a4449ebe410f0fc1776f6ee4c023dc9f0183eabad0697d1225712005f0b

  • SSDEEP

    12288:GtHYDeDuDLzi5Z1aezTLuYsv/2sXAi1vDPZ7bC0ntzGeq:Y6eruYsv/2sXAi1vhbVzTq

  Score

  10^/10

  vjw0rmwshrattrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2