General
-
Target
ShippingDetails.js
-
Size
4.6MB
-
Sample
230605-wsnfhsaa76
-
MD5
e8150ba03200183abce718f6b028b2c3
-
SHA1
606491a54f6dc244fc533317a0f936b818de9a4c
-
SHA256
3f3ee13d1a86d8f63c3c730556cfcff2a1f8d22980fdc001b5240ce7315dcd23
-
SHA512
4aa7fd5b696933155143f66a54785c48ff368bb6fbf7f5afcc24ababd2436c31b0d847f32b3d66888867f179a34dd9284a9c9a8f54f3f96ea23601804bafacb5
-
SSDEEP
24576:p5K1gGMDzG6PbjQ46Te9iEQokfhrC/SwzkfHGi9xM7LHyG9XqUrQdAtzkTGCJTrK:G3Fmv
Malware Config
Extracted
wshrat
http://139.177.146.165:4848
Targets
-
-
Target
ShippingDetails.js
-
Size
4.6MB
-
MD5
e8150ba03200183abce718f6b028b2c3
-
SHA1
606491a54f6dc244fc533317a0f936b818de9a4c
-
SHA256
3f3ee13d1a86d8f63c3c730556cfcff2a1f8d22980fdc001b5240ce7315dcd23
-
SHA512
4aa7fd5b696933155143f66a54785c48ff368bb6fbf7f5afcc24ababd2436c31b0d847f32b3d66888867f179a34dd9284a9c9a8f54f3f96ea23601804bafacb5
-
SSDEEP
24576:p5K1gGMDzG6PbjQ46Te9iEQokfhrC/SwzkfHGi9xM7LHyG9XqUrQdAtzkTGCJTrK:G3Fmv
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-