General

  • Target

    CC051000007401.vbs

  • Size

    44KB

  • Sample

    241001-jrgv5asfla

  • MD5

    bfb1a7641288bf047bf8f8d403f3b138

  • SHA1

    b5ddaa8db4a2d33bd5fa46f70ffe2893612652ee

  • SHA256

    d16b502ff0b1413b19a22a39888f1f0ac6f42eede611b5c4b7d004802a814c9d

  • SHA512

    ca92f671e3debfaaa64cb284821f0886b7faa7b6d0fced6476ab889d3a2373936bfefd0e5feef11ececd943eec5bb1c745a68ca61c1ef4480cc5c526a011a9f7

  • SSDEEP

    768:myaI+a0DXtSbnbhbhscz0i/w+8MtXs/oo5ziD53Z40mb/DqfZW377PiMQ+XrUcsd:x/0DXtSbnbhbhsw0i/w+8M9s/oo5ziDT

Malware Config

  • Extracted

    Family: vjw0rm

    C2: http://hicham9risa.duckdns.org:4566

Targets

    • Target

      CC051000007401.vbs

    • Size

      44KB

    • MD5

      bfb1a7641288bf047bf8f8d403f3b138

    • SHA1

      b5ddaa8db4a2d33bd5fa46f70ffe2893612652ee

    • SHA256

      d16b502ff0b1413b19a22a39888f1f0ac6f42eede611b5c4b7d004802a814c9d

    • SHA512

      ca92f671e3debfaaa64cb284821f0886b7faa7b6d0fced6476ab889d3a2373936bfefd0e5feef11ececd943eec5bb1c745a68ca61c1ef4480cc5c526a011a9f7

    • SSDEEP

      768:myaI+a0DXtSbnbhbhscz0i/w+8MtXs/oo5ziD53Z40mb/DqfZW377PiMQ+XrUcsd:x/0DXtSbnbhbhsw0i/w+8M9s/oo5ziDT

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15