balance de paiement centre des mandats dec 2020xlsx.js

General
Target

balance de paiement centre des mandats dec 2020xlsx.js

Size

40KB

Sample

210131-k7djjmpzjs

Score
10 /10
MD5

e6dafaffdb8dea5e25b305455e51f68e

SHA1

3eadc51ea6ccf5532c8929270be96dcb2abfe9ab

SHA256

efc93b3a44d76771669a8bd1df809f50cc9f976107f623da470f8d30279b4ad7

SHA512

ffb9ac8db09b6ba5ca2f414608ad56ef3a70e1c99fd501e1d03de1d2559b02c3774c6f60dee585e487ea1c56f8949949a6139836a559a8ad16163d06318a3379

Malware Config
Targets
Target

balance de paiement centre des mandats dec 2020xlsx.js

MD5

e6dafaffdb8dea5e25b305455e51f68e

Filesize

40KB

Score
10 /10
SHA1

3eadc51ea6ccf5532c8929270be96dcb2abfe9ab

SHA256

efc93b3a44d76771669a8bd1df809f50cc9f976107f623da470f8d30279b4ad7

SHA512

ffb9ac8db09b6ba5ca2f414608ad56ef3a70e1c99fd501e1d03de1d2559b02c3774c6f60dee585e487ea1c56f8949949a6139836a559a8ad16163d06318a3379

Tags

Signatures

  • Vjw0rm

    Description

    Vjw0rm is a remote access trojan written in JavaScript.

    Tags

  • Blocklisted process makes network request

  • Drops startup file

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    1/10

                    behavioral2

                    10/10