General
-
Target
QuotePRNoPR0078966js.js
-
Size
2.7MB
-
Sample
230627-rpe8hsfd3t
-
MD5
11787e302194face53158981dd1287ad
-
SHA1
db9f3e778c2a89ed5fbe974b9e0fbb01694dfad2
-
SHA256
878515aa4b2f6edb65201aa9946331781c71b1de80dccba2b16461336a2e2031
-
SHA512
62a6639cb6d7f579055cba4eaa7fd1d278fd8bfb14caeb6c2dd9010b84d0d6d0979eb1b6422567a6a3a1b1d3b16be67ff8f62b8c2fa99d44d89b5309010f1203
-
SSDEEP
24576:ZvCtCaKHazWgAjNbQtkYzN/Z1KsftoAhSAJxjHy9TYbiYY5HXH3Fx0X7HGqLGaTl:mBt
Malware Config
Extracted
wshrat
http://79.110.49.161:2050
Targets
-
-
Target
QuotePRNoPR0078966js.js
-
Size
2.7MB
-
MD5
11787e302194face53158981dd1287ad
-
SHA1
db9f3e778c2a89ed5fbe974b9e0fbb01694dfad2
-
SHA256
878515aa4b2f6edb65201aa9946331781c71b1de80dccba2b16461336a2e2031
-
SHA512
62a6639cb6d7f579055cba4eaa7fd1d278fd8bfb14caeb6c2dd9010b84d0d6d0979eb1b6422567a6a3a1b1d3b16be67ff8f62b8c2fa99d44d89b5309010f1203
-
SSDEEP
24576:ZvCtCaKHazWgAjNbQtkYzN/Z1KsftoAhSAJxjHy9TYbiYY5HXH3Fx0X7HGqLGaTl:mBt
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-