General
-
Target
a707c0a69369c8e2d991f4e4b77ca59342deb8bfa37dd5c7138e823f20e983df
-
Size
9KB
-
Sample
240226-1z6b5ahh7v
-
MD5
56949c45eb88b2185504e875a3988dce
-
SHA1
354e71c9a2da8d31899baeea3dd264a74ae8ecf7
-
SHA256
a707c0a69369c8e2d991f4e4b77ca59342deb8bfa37dd5c7138e823f20e983df
-
SHA512
37df4d73d9ebeb300dfbe6427ea763e1597236c4b9f4081718b8553366a52a8e8066de3bcbdc8924984510c3755cc9df855000a80051e1648cbae28f7b0e50c0
-
SSDEEP
192:pimMcYCxTcm/aowLVVjsL0j8BpBlENSriu036wr8IJCJuD:4vLCamhwLVB8G8/EJ/98Zg
Malware Config
Targets
-
-
Target
a707c0a69369c8e2d991f4e4b77ca59342deb8bfa37dd5c7138e823f20e983df
-
Size
9KB
-
MD5
56949c45eb88b2185504e875a3988dce
-
SHA1
354e71c9a2da8d31899baeea3dd264a74ae8ecf7
-
SHA256
a707c0a69369c8e2d991f4e4b77ca59342deb8bfa37dd5c7138e823f20e983df
-
SHA512
37df4d73d9ebeb300dfbe6427ea763e1597236c4b9f4081718b8553366a52a8e8066de3bcbdc8924984510c3755cc9df855000a80051e1648cbae28f7b0e50c0
-
SSDEEP
192:pimMcYCxTcm/aowLVVjsL0j8BpBlENSriu036wr8IJCJuD:4vLCamhwLVB8G8/EJ/98Zg
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-