strrat | 5d85139835dee61ab951d98035d73d72a6e6f732b8974c261fa19c6642d47dd0 | Triage

Submit
Reports

Overview

overview

Static

static

1

KENBAXTERC...OPY.js

windows7-x64

KENBAXTERC...OPY.js

windows10-2004-x64

Sharing

General

Target

KENBAXTERCLIENTCOPY.js
Size

3.8MB
Sample

230207-erxt5ahc92
MD5

c7b0633dd0db084edd9264e1bece25f1
SHA1

acfbc379e088ff2e65f394cc8c861192abed8117
SHA256

5d85139835dee61ab951d98035d73d72a6e6f732b8974c261fa19c6642d47dd0
SHA512

40e59df5525d1b9bbb4007047b95ffe19ad03f58c8c785f9b9772622340665ae361a7083578f910238efbf48855cd143ee737d5c05b23503c65ad3465f71b441
SSDEEP

3072:qrYedmaAO8Or8YETkPjuYf/J4foavMLBjqybnW80/ng7sdiiQzs1ekLQzFCDUrWc:G6R1xQqU

Score

10^/10

strrat vjw0rm persistence stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

KENBAXTERCLIENTCOPY.js

Resource

win7-20221111-en

strrat vjw0rm persistence stealer trojan worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

KENBAXTERCLIENTCOPY.js

Resource

win10v2004-20220812-en

vjw0rm trojan worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  KENBAXTERCLIENTCOPY.js
- Size
  
  3.8MB
- MD5
  
  c7b0633dd0db084edd9264e1bece25f1
- SHA1
  
  acfbc379e088ff2e65f394cc8c861192abed8117
- SHA256
  
  5d85139835dee61ab951d98035d73d72a6e6f732b8974c261fa19c6642d47dd0
- SHA512
  
  40e59df5525d1b9bbb4007047b95ffe19ad03f58c8c785f9b9772622340665ae361a7083578f910238efbf48855cd143ee737d5c05b23503c65ad3465f71b441
- SSDEEP
  
  3072:qrYedmaAO8Or8YETkPjuYf/J4foavMLBjqybnW80/ng7sdiiQzs1ekLQzFCDUrWc:G6R1xQqU
Score

10^/10

strrat vjw0rm persistence stealer trojan worm
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratvjw0rmpersistencestealertrojanworm

behavioral2

vjw0rmtrojanworm

© 2018-2025

Terms | Privacy