PaymentReceipt_345.js

General

Target: PaymentReceipt_345.js
Size: 27KB
Sample: 210118-fka9p7xvqx
Score: 10/10
MD5: 498ecc30f8856e7c6a509fbc73b86df6
SHA1: 4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8
SHA256: b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704
SHA512: e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4

Signatures

  • Vjw0rm

    Description: Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request

  • Drops startup file

  • Enumerates physical storage devices

    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs: System Information Discovery

Tasks

  • static1

  • behavioral1 (score 10/10)

  • behavioral2 (score 10/10)