General
-
Target
Notification of ACH Payment submitted on 06.04.2022.zip
-
Size
5KB
-
Sample
230410-llsrjsge43
-
MD5
f1831404aca394f6d9d65c3865e353b6
-
SHA1
f708321a5dbd0f68a1ce0c0427751d02d54ea0a3
-
SHA256
52f21d348213af19e110b71ec512aa114c1dcf4368d50484ffcd74f56b1b6610
-
SHA512
235f775f2787b7e67c71e69c9c7082a5168ca3af1ebf0bef437b8e4a9e13e577cbbf24c5571383934e041a3caf7ec3bf4a02e1140bfee7b48361472580bc1d53
-
SSDEEP
96:NlwNwBlmSTjBNQHSGJ2zW4KbUCbjxhoLMEyKmTd2v0V0AtUimzuU5G0UT5eE7ycI:PwWBlmSnSSGJ4JKbFhojyKmR26lU5G30
Static task
static1
Behavioral task
behavioral1
Sample
Notification of ACH Payment submitted on 06.04.2022.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Notification of ACH Payment submitted on 06.04.2022.js
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Notification of ACH Payment submitted on 06.04.2022.js
-
Size
7KB
-
MD5
e7aaf9c2ba37b07ef6fb5095c33a3291
-
SHA1
1ce3f19e22ce5e5ea5e3aa2f4040a72ffee71c1a
-
SHA256
aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0
-
SHA512
b18a0f721cab94a670352c2caaf1163d24f2def543cf6770bbb71b308a2c17f1ac958e924200cbd5c1e57c7a6bda23da80347d5073eadea6c75691976ca73247
-
SSDEEP
192:AnLaaZtNLxXl+iUwLEa9LBONqtrUySocoSggX:AnLZtNTE4OMrSVFX
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-