General
-
Target
Fully Executed Contract.js
-
Size
984KB
-
Sample
230124-t64csacf78
-
MD5
6896610816747b15420b9c1b481283ec
-
SHA1
2a942e057e0d1427cca9827a2e268d2aca207e16
-
SHA256
7c0df5e5dc598888c62cb7ebfb76b940e310b45f7c78a4a0797aabd4b6e1f1b2
-
SHA512
291f0314936b742383a20b4a5bb6abf6f39bc4d97e09346e275ef2de9d9c97c9788c7f0d11e6bf41cbfce7645df89586b98ed94200bd2d7df769d605275d98c8
-
SSDEEP
6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8exLbSXlZB7AM:eQ3B7qgpKLbE
Malware Config
Extracted
wshrat
http://auto.stevenpartners.com:23015
Targets
-
-
Target
Fully Executed Contract.js
-
Size
984KB
-
MD5
6896610816747b15420b9c1b481283ec
-
SHA1
2a942e057e0d1427cca9827a2e268d2aca207e16
-
SHA256
7c0df5e5dc598888c62cb7ebfb76b940e310b45f7c78a4a0797aabd4b6e1f1b2
-
SHA512
291f0314936b742383a20b4a5bb6abf6f39bc4d97e09346e275ef2de9d9c97c9788c7f0d11e6bf41cbfce7645df89586b98ed94200bd2d7df769d605275d98c8
-
SSDEEP
6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8exLbSXlZB7AM:eQ3B7qgpKLbE
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-