General
- Target: Proforma DA request.js
- Size: 1.4MB
- Sample: 230113-kklq6sbd5v
- MD5: 6ed6de4f3937d74a4a890fd63a731913
- SHA1: e6e6c10575efbc35a55d47bd4769223da7a8d9cc
- SHA256: d545270fe4ea4823d14c419ec38d3c1f861c6a24c096b3b0953960428c4ef395
- SHA512: 717911ec6dd302ad70a13da42bc877cc02b268bf515c09dfea302799665e6102a1585575232b4191ac586904b418f360aab46d5da7df7f63a97f661678579c82
- SSDEEP: 24576:7BqyjfTTfng/+3tHhRkeBQxoS+Vy9ePXG:7BRTTYQBRksQxoS+8f
Static task
- static1
Behavioral task
- behavioral1
- Sample: Proforma DA request.js
- Resource: win7-20221111-en
Malware Config
Targets
- Target: Proforma DA request.js
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2