General
-
Target
ec87b49270ad1afb170890fc4644bd59.bin
-
Size
160KB
-
Sample
230116-kv5xssce85
-
MD5
0d55b80e369a32a3c3703d24297d5238
-
SHA1
950bec469cb649dc3cff83a6859f8a7ec14d688c
-
SHA256
dd30f86bb328a8ae6f2d5d12610b83c4bb632127e5b28086b4e0c548746cb2ba
-
SHA512
a812561f59a0f1584f6bf88306bb8c6e20b5bbd3cc70bb44af088712962c69672df4a32ef92e202d79993f8cda38e1376d822653063dc476dbf07e287a8c22ac
-
SSDEEP
3072:4HTscu7YMv4cU+KlnERtz4e1xyF14zRVTf4wT03LOmxrE/ApphT:4T5OYMv6rJERtMeS74zvTAGOOmNLT
Malware Config
Targets
-
-
Target
cd6b788372fc6c577a7f0de514ee7a4ed42da59b866581ddeb0e6c38228428d3.js
-
Size
260KB
-
MD5
ec87b49270ad1afb170890fc4644bd59
-
SHA1
997f47e7d0bd7bc4ba59c2b737c0b5e108858b62
-
SHA256
cd6b788372fc6c577a7f0de514ee7a4ed42da59b866581ddeb0e6c38228428d3
-
SHA512
2daa9b36563380a3d55f2a0ec8ddbd1b8fe5d045acb9b98fb210af0e861ed523adef67ee791680e9a9608733e89ba274507ed2405ac9191f62e01f709f19162f
-
SSDEEP
6144:EPP/pyxHpiGSxCXJZTv+jCtMX1/MJIUDKi:EPHpyR17r+jCtMl/kD9
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-