General

  • Target

    Purchaseorder.js

  • Size

    3.1MB

  • Sample

    230927-e92wsshb78

  • MD5

    cd12101e3da7cfc1e15be51324d97f26

  • SHA1

    3ef05de60568b30104e18a72b783c8e21fb83c01

  • SHA256

    7ef5dc83e3a2f53a078a034d6edb8b07684efe844af306b60e65509d61a01b46

  • SHA512

    fb26613b48898ebaa72f6e2188b7bda90aedd7e1d6ee6190d7fb6c53cbfd504910160ee3b902bbb3c3cb470ef710409f4bb6d742e2085cc154788b535c6b1ae1

  • SSDEEP

    768:qQKDwkB5j+Dd3MLyi/vdvK8cuUzwJBO0enr8uYUlN8b6iLBJbr59RlwDh:x8wkDaDd3gyiVAz10+ouFkPr52d

Malware Config

Extracted

Family

wshrat

C2

http://akinbo.ddns.net:6350

Targets

    • Target

      Purchaseorder.js

    • Size

      3.1MB

    • MD5

      cd12101e3da7cfc1e15be51324d97f26

    • SHA1

      3ef05de60568b30104e18a72b783c8e21fb83c01

    • SHA256

      7ef5dc83e3a2f53a078a034d6edb8b07684efe844af306b60e65509d61a01b46

    • SHA512

      fb26613b48898ebaa72f6e2188b7bda90aedd7e1d6ee6190d7fb6c53cbfd504910160ee3b902bbb3c3cb470ef710409f4bb6d742e2085cc154788b535c6b1ae1

    • SSDEEP

      768:qQKDwkB5j+Dd3MLyi/vdvK8cuUzwJBO0enr8uYUlN8b6iLBJbr59RlwDh:x8wkDaDd3gyiVAz10+ouFkPr52d

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • WSHRAT

      WSHRAT is a variant of the Houdini (H-Worm) worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Drops startup file

    • Adds Run key to start application
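
As an added example (not part of the sandbox report, and not code taken from the WSHRAT or Vjw0rm samples), the following Python turns the behavioural signatures listed above into simple detection rules and runs them over constructed host telemetry. Assumptions, all labelled in the code: the "blocklisted process" signature is taken to mean the Windows script hosts (wscript.exe, cscript.exe, mshta.exe); the location check is taken to read HKCU\Control Panel\International\Geo\Nation; the event schema is loosely modelled on Sysmon event types but is invented for the example, as are the sample events. The C2 host and port come from the extracted config on this page.

```python
"""Detection rules for the WSHRAT behaviours reported above, run over constructed events."""
import re

# From the extracted malware config on this page.
C2_HOST = "akinbo.ddns.net"
C2_PORT = 6350

# Assumption: the sandbox's "blocklisted process" signature covers the script hosts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh)\b", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Assumption: the geofence check reads the Geo\Nation value under Control Panel\International.
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Constructed sample events (not from the report). The schema is made up for this
# example, loosely following Sysmon's process / registry / file / network event types.
EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\Downloads\Purchaseorder.js"'},
    {"type": "registry_set", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Purchaseorder",
     "details": r'wscript.exe //B "C:\Users\u\AppData\Roaming\Purchaseorder.js"'},
    {"type": "file_create", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Purchaseorder.js"},
    {"type": "network", "image": r"C:\Windows\System32\wscript.exe",
     "dest_host": "akinbo.ddns.net", "dest_port": 6350},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.com", "dest_port": 443},
    {"type": "registry_query", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    # Benign Run-key write by an installer: a non-script host launching a plain .exe.
    {"type": "registry_set", "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r'"C:\Program Files\OneDrive\OneDrive.exe" /background'},
]


def image_name(path):
    """Basename of an image path, lower-cased, for matching against SCRIPT_HOSTS."""
    return path.rsplit("\\", 1)[-1].lower()


def rule_run_key(ev):
    # Run/RunOnce value written by a script host, or whose data launches a script file.
    if ev["type"] != "registry_set" or not RUN_KEY_RE.search(ev.get("target", "")):
        return False
    return image_name(ev["image"]) in SCRIPT_HOSTS or bool(SCRIPT_EXT_RE.search(ev.get("details", "")))


def rule_startup_drop(ev):
    # A script file created in a Startup folder.
    target = ev.get("target", "")
    return ev["type"] == "file_create" and bool(STARTUP_RE.search(target)) and bool(SCRIPT_EXT_RE.search(target))


def rule_script_host_network(ev):
    # A script host making any outbound connection.
    return ev["type"] == "network" and image_name(ev["image"]) in SCRIPT_HOSTS


def rule_geo_lookup(ev):
    # A script host reading the configured country code (geofence check).
    return ev["type"] == "registry_query" and bool(GEO_RE.search(ev.get("target", ""))) \
        and image_name(ev["image"]) in SCRIPT_HOSTS


def rule_c2_contact(ev):
    # Any process contacting the extracted C2 host and port.
    return ev["type"] == "network" and ev.get("dest_host", "").lower() == C2_HOST \
        and ev.get("dest_port") == C2_PORT


RULES = {
    "Adds Run key to start application": rule_run_key,
    "Drops startup file": rule_startup_drop,
    "Blocklisted process makes network request": rule_script_host_network,
    "Checks computer location settings": rule_geo_lookup,
    "Contacts extracted C2": rule_c2_contact,
}


def triage(events):
    """Return (rule name, event index) pairs for every rule that fires on every event."""
    hits = []
    for idx, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, idx))
    return hits


if __name__ == "__main__":
    for name, idx in triage(EVENTS):
        print(f"[{idx}] {name}: {EVENTS[idx]}")
```

The Run-key rule is scoped to script hosts and script-file payloads rather than every Run-key write, because installers legitimately set Run values; the C2 rule is kept separate from the script-host rule so that a blocked or renamed host process still trips on the extracted indicator.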

MITRE ATT&CK Enterprise v15

Tasks