Overview

overview

10

Static

static

PaymentReceipt_345.js

windows7_x64

10

PaymentReceipt_345.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PaymentReceipt_345.js

  • Size

    27KB

  • Sample

    210118-fka9p7xvqx

  • MD5

    498ecc30f8856e7c6a509fbc73b86df6

  • SHA1

    4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8

  • SHA256

    b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704

  • SHA512

    e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4

Score
10/10
vjw0rmtrojanworm

Malware Config

Targets

    • Target

      PaymentReceipt_345.js

    • Size

      27KB

    • MD5

      498ecc30f8856e7c6a509fbc73b86df6

    • SHA1

      4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8

    • SHA256

      b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704

    • SHA512

      e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4

    Score
    10/10
    vjw0rmtrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks