General
Target: 591cc603d2dd93e8b55647474da7600e.js.vir
Size: 26KB
Sample: 230727-nqqtvseh6v
MD5: 591cc603d2dd93e8b55647474da7600e
SHA1: 497c298b8dee8a9497819cdd22a76683af338c09
SHA256: dabba99a6651e2785e3b9910d32e8ea0e37bd75e9fd20731f308f0a65c6652c6
SHA512: c6436438e70bee2ef07eab5f990ac67a9b6ec091a88d214d72ddf9dca4149f2f7d1d0cadf9e58e11914e6a83559ac0c7d54a1e07d6ac9e674ca724c657e97b29
SSDEEP: 768:tkMyzTR34YJjyS/cgVNzmop+Ghx+HXwrI:tpyzTyYUhaNzmWy37
Static task: static1
Behavioral task: behavioral1
Sample: 591cc603d2dd93e8b55647474da7600e.js
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 591cc603d2dd93e8b55647474da7600e.js
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: 591cc603d2dd93e8b55647474da7600e.js.vir
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application