General

  • Target

    New DHL Shipment Document Arrival Notice Shipping Documents Original BL, Invoice & Packing List.js

  • Size

    1.9MB

  • Sample

    231017-mwnq1sbc6t

  • MD5

    f51aee23c560560ae8bddb813dbc69fc

  • SHA1

    fc26a039ed4f48b957463d6dd20bc5c903337268

  • SHA256

    0c3ecc4baf3fc3a1dcc446a8f979fcf61a0d4ef1cfd4cb84c99cb7f3b3e170c1

  • SHA512

    8dae74f8f0959cb2901e8fd5b8b185150c658e0a908c56e6687fb8d009c2a5332aa6fd46947f1a6442672f237737772d2d7f9a43a313664ec2a64e35edc70397

  • SSDEEP

    12288:TCbvguAMWCPI7nreA07d7x3zqAEiQ3sm0YrYTdmEKGcrtHg2qTecw+z2Om:Qgu37tqAEiQcmGTrKG6t3qTRJm

Malware Config

Extracted

Family

wshrat

C2

http://menge.duckdns.org:5670

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks