Extracted

• • Target

    sus.js

  • Size

    5KB

  • MD5

    5ffa64bc687da9b568eaaca857db1a1f

  • SHA1

    5593dcbaee25124b49a9bd76a491c53cefb54acb

  • SHA256

    f494422ec0931062c6fd39171b0363299073cb78b18209b11fe36f1c3065f8d6

  • SHA512

    5ec4704d2da3c221d8dcf4df7adb2845e1ccafce689d33141c3bbd8bd702355e71fc91e9e5b5c2f763c6b76c05f33c401004d085608147dd720da31db834399a

  • SSDEEP

    96:SABNo5DRk2c24ZRMHXE6/BI0w+Ys+fJrDdQqR7bJyKIROS4Uu/ingHXRZfzYMe/d:zSa2c24ZRMlBI0TYs+fJXfRfNJingHXm

  Score

  10^/10

  vjw0rmexecutionpersistencetrojanworm

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Vjw0rm family

    vjw0rm

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence
  behavioral1behavioral2