Overview

overview

10

Static

static

Invoice -1543.js

windows7_x64

10

Invoice -1543.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice -1543.js

  • Size

    3KB

  • Sample

    210324-2yh1v64mls

  • MD5

    a53f0d566b2ffabe4ef33bd8816fdd3e

  • SHA1

    b59c9ac2ace3d601a07c24807e4d8b7b0e27900c

  • SHA256

    929232555bcc80211ffb2cdc880848284bd2be08f0b14f2a3348cb7bad7c32c3

  • SHA512

    55857882efefab3cf024763ecdf21839a13f4c95cb1b19fee0378415848352e92ea6f1a5127f258c6e8d562ddeffd44be7655738b2f3f6baf0a92846b1d63099

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      Invoice -1543.js

    • Size

      3KB

    • MD5

      a53f0d566b2ffabe4ef33bd8816fdd3e

    • SHA1

      b59c9ac2ace3d601a07c24807e4d8b7b0e27900c

    • SHA256

      929232555bcc80211ffb2cdc880848284bd2be08f0b14f2a3348cb7bad7c32c3

    • SHA512

      55857882efefab3cf024763ecdf21839a13f4c95cb1b19fee0378415848352e92ea6f1a5127f258c6e8d562ddeffd44be7655738b2f3f6baf0a92846b1d63099

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks