Extracted

• • Target

    paid_invoice1.js

  • Size

    3KB

  • MD5

    2ef952eeb1e0caf443dfee9cbf97f086

  • SHA1

    6226e9e1319a33c523e4634d64478cfef9bf2084

  • SHA256

    23280d742e475a0a00dae2a6ff0686092ccd14f02b292b4be61de7b73b7dcbda

  • SHA512

    72970f2e32009d4973eac334c2955f0ad185d6b7b670a1767e63440bae51c47bb040a9615cfae5d9d92f689a714098e58a77a7661a8a0b9316a7eceec27ce8a3

  Score

  10^/10

  vjw0rmpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2