General

  • Target: Spécifications de la commande.zip
  • Size: 18KB
  • Sample: 230721-qnnmtseh28
  • MD5: 7071340bb289d8b9e9c4487aa5f97391
  • SHA1: f9b3458b6ef9e2b52467de8ddf5580cfee6af92a
  • SHA256: 6b2b1415c898b1c1770ba62a1ecfb870a626a47d3f72811f803c2ec651808b71
  • SHA512: dedd833d46d02cbc088e1ff8c9272b32e72b75d3199a286df49110ffc26c114272aac412a06786f441187db32d225f349c398b5e73dbbf8dfb6514f340b2b19c
  • SSDEEP: 384:NSritTwvlIzSyaT7TnyTAwZrqdCvRJ0mQTxWRIwpgeV0ajgyWpwXIRPbB:RtCSSya7TIA+rqdCJPQxHeZMuXK

Malware Config

Extracted

  • Family: vjw0rm
  • C2: http://severdops.ddns.net:5050

Targets

    • Target: Spécifications de la commande.js
    • Size: 26KB
    • MD5: 890730ddebf9affaebc94bd26ca5ba14
    • SHA1: 184fd52a0525b68c964f2b1c68fc7ed0f93a41b2
    • SHA256: 822b0e065dd9e5bb4441ab4e7641f73e34d240272b2c664141d07abdd0ed7f2d
    • SHA512: 77220a8c9c38a2fd5bf31243e52ea9eb50429cd2554b7709d19beae64076208b10bdb9e4e76cee2a931a871a763a5a7a7b4adefb18c7eaeac7b38fc1e7c6476a
    • SSDEEP: 768:LqWqIHKOv52EIhyW3ub2SlnnPYEJr8sv/hFXpMkdDkyO:LqWzHB5GhbuqSlnwj+JppMcIyO

    • Vjw0rm
      Vjw0rm is a remote access trojan written in JavaScript.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks