PaymentReceipt.js

General
Target

PaymentReceipt.js

Size

28KB

Sample

210117-hh6jad1qbe

Score

10/10
MD5

b199269852088f41919025ee636a8f6d

SHA1

3b0262420bf7a33d4265415e9245c4fa21f5398f

SHA256

2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f

SHA512

477f79c85277576ecf87153fe86fe8eb31c81a2982e84b68f5dd4d190446b20961cebca6dbd082661c8c50d14e157ec44acfab60efe3556d0691ec1e2faa7da0

Targets
Target

PaymentReceipt.js

Signatures

  • Vjw0rm

    Description

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request

  • Drops startup file

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10