General
-
Target
HK SEMI CORPORATION CO,,Ltd.js
-
Size
4.6MB
-
Sample
230213-nz5z5scd8v
-
MD5
3cbcc574b184d5719059b21b9786bbf0
-
SHA1
9ed29659b5b54cdf60cf2b9495224aec1a261e67
-
SHA256
00b6a46542f80c34df42fe3d9e369eb7c39566e902e9ac92238dc90166446a6c
-
SHA512
68d5c2e058f28c9f1760f40af8fce6b0f786a0ed4aa99cc86df227415c66688e6de1264929d937ed20d111d7551b7ec0944791a5753045ce821167b09ddac9c7
-
SSDEEP
3072:2GRbdyiMKBDjY086keLyVXiQp7IayQ6Q/27SSi8s2ag6N8TiwzccqhWM307KIiWW:R06HV4dbI+eeHbESp
Static task
static1
Behavioral task
behavioral1
Sample
HK SEMI CORPORATION CO,,Ltd.js
Resource
win7-20220812-en
Malware Config
Targets
-
Target
HK SEMI CORPORATION CO,,Ltd.js
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-