General
Target: Notification of ACH Payment submitted on 06.04.2022.js
Size: 7KB
Sample: 230407-q3b8cahc67
MD5: e7aaf9c2ba37b07ef6fb5095c33a3291
SHA1: 1ce3f19e22ce5e5ea5e3aa2f4040a72ffee71c1a
SHA256: aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0
SHA512: b18a0f721cab94a670352c2caaf1163d24f2def543cf6770bbb71b308a2c17f1ac958e924200cbd5c1e57c7a6bda23da80347d5073eadea6c75691976ca73247
SSDEEP: 192:AnLaaZtNLxXl+iUwLEa9LBONqtrUySocoSggX:AnLZtNTE4OMrSVFX
Static task: static1
Behavioral task: behavioral1
Sample: Notification of ACH Payment submitted on 06.04.2022.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Notification of ACH Payment submitted on 06.04.2022.js
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Notification of ACH Payment submitted on 06.04.2022.js
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application