Extracted

• • Target

    1dd3bb76323b4cef240b169318d78ba1a360574382fb2d9f42a1888fe3fc3960.js

  • Size

    3.8MB

  • MD5

    4c314b9d39669df27156747da107becc

  • SHA1

    69b2083af009d92a0e358562e037422cb0f30d5e

  • SHA256

    1dd3bb76323b4cef240b169318d78ba1a360574382fb2d9f42a1888fe3fc3960

  • SHA512

    30a6ae1aea3221ef5bb7f8f7193b8c5b13b37df690720eab3c7dc8c770a769bd97b7df597bafeb008755c7e6930f0dda7622805337daff77362e479bcc1ab19a

  • SSDEEP

    49152:wnYqXWFGA7tDzPYDHZt7Ilht7iYR0a+CwUCIVPrROXv54DOC849xV2jXz2FOz:k

  Score

  10^/10

  vjw0rmwshratpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • WSHRAT

    WSHRAT is a variant of Houdini worm and has vbs and js variants.

    trojanwshrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2