General
-
Target
6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574.js
-
Size
3.8MB
-
Sample
240420-bq58bscf86
-
MD5
6812d6fba47adabb337563ca20fa84f8
-
SHA1
2ab5b312c71f2a60d53c16fad7690291ea6d5bb0
-
SHA256
6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574
-
SHA512
63d595755ddb4f6b680fb41068f285fbfa6b87d508b7efe1c2f481e70722a2d08669f15b08e362e8db0fdbd85f84796d1f1dd48717c7bf6392055dbbedfeaeae
-
SSDEEP
49152:DVz6cMuHZupT2iUkP6qOyJdCt6x9loTDW6bK53j+ji48++M0fTW/JDy4TaERYUbB:V
Malware Config
Extracted
wshrat
http://94.156.71.108:1604
Targets
-
-
Target
6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574.js
-
Size
3.8MB
-
MD5
6812d6fba47adabb337563ca20fa84f8
-
SHA1
2ab5b312c71f2a60d53c16fad7690291ea6d5bb0
-
SHA256
6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574
-
SHA512
63d595755ddb4f6b680fb41068f285fbfa6b87d508b7efe1c2f481e70722a2d08669f15b08e362e8db0fdbd85f84796d1f1dd48717c7bf6392055dbbedfeaeae
-
SSDEEP
49152:DVz6cMuHZupT2iUkP6qOyJdCt6x9loTDW6bK53j+ji48++M0fTW/JDy4TaERYUbB:V
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-