General

  • Target

    neworder.js

  • Size

    3.8MB

  • Sample

    231124-kyv7rshb33

  • MD5

    7d1e985be05e1038b33ae1c4e980a663

  • SHA1

    364d4a8f587b94716daaec3ce4ed80d00b356c0c

  • SHA256

    2f2b1b66553a447bb3384f5d22407a00bedefc43f5d4fb63b8b4970ed6c1702f

  • SHA512

    754ee17cdbcd34b2201dc47a92f86f9e7f8cd8aa82969c6a3970d02b8bec33ae19edc9627a011d1554d2935a4a830c5fd769c7f281e95707473e4c55a151c845

  • SSDEEP

    24576:1ZGBVFPB36kJuadeEKwN8o5red0epniTcZkgbMegyMDoIWqkaln8wDs/Pm+x7Dt5:F

Malware Config

Extracted

Family

wshrat

C2

http://akinbo.ddns.net:6390

Targets

    • Target

      neworder.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and has VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks