General
-
Target
57333809-dbd0-4c22-b696-ed9d3682de21.js
-
Size
285KB
-
Sample
230208-b66h2agf88
-
MD5
3bbcc5d020c78a15e255fd64488ca85f
-
SHA1
7c51ef5035b77aa6557e6f4ecd87db3672d17703
-
SHA256
89f45442db86a345f88320a8d4f0b5f5ac49a8828181f98d62c30633821dffbf
-
SHA512
b4b756be58ea82a1c978cb5ee5b43b380976f5aa4ae9c25c567196bae678c72cb2316ed51a4964f2d62010926fc81695d8bdb9faef09579a67ba0314229d004b
-
SSDEEP
6144:7DrSmg1GX1AYjy8iRH8mwZBN50AbjAfjgauIOI4Jsu:7DrS1GXOut/59bjAf7O6u
Malware Config
Extracted
wshrat
http://oyo.powrkenken.info:46077
Targets
-
-
Target
57333809-dbd0-4c22-b696-ed9d3682de21.js
-
Size
285KB
-
MD5
3bbcc5d020c78a15e255fd64488ca85f
-
SHA1
7c51ef5035b77aa6557e6f4ecd87db3672d17703
-
SHA256
89f45442db86a345f88320a8d4f0b5f5ac49a8828181f98d62c30633821dffbf
-
SHA512
b4b756be58ea82a1c978cb5ee5b43b380976f5aa4ae9c25c567196bae678c72cb2316ed51a4964f2d62010926fc81695d8bdb9faef09579a67ba0314229d004b
-
SSDEEP
6144:7DrSmg1GX1AYjy8iRH8mwZBN50AbjAfjgauIOI4Jsu:7DrS1GXOut/59bjAf7O6u
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-