General
-
Target
d82b9d7af67f2ade0c11bfe6bfd69544
-
Size
129KB
-
Sample
240320-hr6zksbg9w
-
MD5
d82b9d7af67f2ade0c11bfe6bfd69544
-
SHA1
051c9770aebcc850ae09baa6a223848a7aa3f289
-
SHA256
ae33e9f2e18d4fdd25db5bc30b8b8bdd63b53794e225dbe818ebe65a29b0dc95
-
SHA512
fbfc1943e95be1d5c9a536e2aa9267b188eb81e9c9445074c2b69d01f7d092c0d1590e15c8579da0c6ab1ba97e1767cd5a2984a1eb6e08611df3fec5764dc555
-
SSDEEP
3072:PdaZuzVCyUNstfAQyHuAYWgPNr6K5V3I/Iy7+itIlhGDbmC:PNIsNyH/LgPNrPH4/I7jhGDb
Malware Config
Targets
-
-
Target
d82b9d7af67f2ade0c11bfe6bfd69544
-
Size
129KB
-
MD5
d82b9d7af67f2ade0c11bfe6bfd69544
-
SHA1
051c9770aebcc850ae09baa6a223848a7aa3f289
-
SHA256
ae33e9f2e18d4fdd25db5bc30b8b8bdd63b53794e225dbe818ebe65a29b0dc95
-
SHA512
fbfc1943e95be1d5c9a536e2aa9267b188eb81e9c9445074c2b69d01f7d092c0d1590e15c8579da0c6ab1ba97e1767cd5a2984a1eb6e08611df3fec5764dc555
-
SSDEEP
3072:PdaZuzVCyUNstfAQyHuAYWgPNr6K5V3I/Iy7+itIlhGDbmC:PNIsNyH/LgPNrPH4/I7jhGDb
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Modifies file permissions
-
Adds Run key to start application
-