Extracted

• • Target

    39372ec10b2720511f8ca94e8aed43273c507637ec03f9a1eac279aadeb22c55.js

  • Size

    24KB

  • MD5

    4272d76e2efed7d323e14bccef987913

  • SHA1

    a8cde379b41cfafb036896484844620a7fcc11c6

  • SHA256

    39372ec10b2720511f8ca94e8aed43273c507637ec03f9a1eac279aadeb22c55

  • SHA512

    717ca100e5f2463b8aa675185e2dbd743a015fffe7654dab2b227691ed66e9443a3e387d31c3eeed63a22d1b3f77b213feec3c3fe6c1438ddf5313066f2583a9

  • SSDEEP

    384:0B+UO8kwlbBtHS0ihYvG3bMZcCOQHp4aIX6xEzWZNxFlumanjjjIYNFLD5zvOJ:09ewl7tGr+Oy4aPOL13IoFLdzGJ

  Score

  10^/10

  vjw0rmpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2