Extracted

• • Target

    734861f4226848bb53bcb7fbf84766128d04a251574ffe039f310050a2b8340c.vbs.danger

  • Size

    95.4MB

  • MD5

    908c8875c901cb573703ee5ca873d559

  • SHA1

    375c29372950e7ac683827c811b7bacdfbdc3882

  • SHA256

    734861f4226848bb53bcb7fbf84766128d04a251574ffe039f310050a2b8340c

  • SHA512

    df29cb9d8ac1fa6c4a88f166f62e59c2715c87221d19ec84786e219b6a98d9a5cf3ac277d0e2f0c6e8bdf6c355f314240c3911866ca3fda81cab27d0e7166ba8

  • SSDEEP

    192:8ZVh7aiI1rk2H2ZSm35+vhOJzLq8MyOY:mVciI1S4YZPMVY

  Score

  10^/10

  vjw0rmpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2