General
-
Target
NEAS.NEASNEAS0c3ecc4baf3fc3a1dcc446a8f979fcf61a0d4ef1cfd4cb84c99cb7f3b3e170c1jsunknownunknown_JC.unknown
-
Size
1.9MB
-
Sample
231018-vxt87agh5v
-
MD5
f51aee23c560560ae8bddb813dbc69fc
-
SHA1
fc26a039ed4f48b957463d6dd20bc5c903337268
-
SHA256
0c3ecc4baf3fc3a1dcc446a8f979fcf61a0d4ef1cfd4cb84c99cb7f3b3e170c1
-
SHA512
8dae74f8f0959cb2901e8fd5b8b185150c658e0a908c56e6687fb8d009c2a5332aa6fd46947f1a6442672f237737772d2d7f9a43a313664ec2a64e35edc70397
-
SSDEEP
12288:TCbvguAMWCPI7nreA07d7x3zqAEiQ3sm0YrYTdmEKGcrtHg2qTecw+z2Om:Qgu37tqAEiQcmGTrKG6t3qTRJm
Malware Config
Targets
-
-
Target
NEAS.NEASNEAS0c3ecc4baf3fc3a1dcc446a8f979fcf61a0d4ef1cfd4cb84c99cb7f3b3e170c1jsunknownunknown_JC.unknown
-
Size
1.9MB
-
MD5
f51aee23c560560ae8bddb813dbc69fc
-
SHA1
fc26a039ed4f48b957463d6dd20bc5c903337268
-
SHA256
0c3ecc4baf3fc3a1dcc446a8f979fcf61a0d4ef1cfd4cb84c99cb7f3b3e170c1
-
SHA512
8dae74f8f0959cb2901e8fd5b8b185150c658e0a908c56e6687fb8d009c2a5332aa6fd46947f1a6442672f237737772d2d7f9a43a313664ec2a64e35edc70397
-
SSDEEP
12288:TCbvguAMWCPI7nreA07d7x3zqAEiQ3sm0YrYTdmEKGcrtHg2qTecw+z2Om:Qgu37tqAEiQcmGTrKG6t3qTRJm
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-