Overview

overview

10

Static

static

fgcgf0rder-Receipt.js

windows7_x64

10

fgcgf0rder-Receipt.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fgcgf0rder-Receipt.js

  • Size

    102KB

  • Sample

    210324-33nn8bgm22

  • MD5

    eff37f2a81930f198684680bbad3936e

  • SHA1

    c5d5aa83213fe5afa4ab9e8280c670fc005e31bf

  • SHA256

    f702760531aa02bfd9976a292da5464e43236b79bfa445aadd83f7c1a1c44f10

  • SHA512

    491524948f1eb54e7be7a9c6dd5c776b417a8bd693e7f252fc047e2bb49eba562e3851719754e1630479d061a6ae37f6293e598ba042c376f668ee5b0296c8a8

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      fgcgf0rder-Receipt.js

    • Size

      102KB

    • MD5

      eff37f2a81930f198684680bbad3936e

    • SHA1

      c5d5aa83213fe5afa4ab9e8280c670fc005e31bf

    • SHA256

      f702760531aa02bfd9976a292da5464e43236b79bfa445aadd83f7c1a1c44f10

    • SHA512

      491524948f1eb54e7be7a9c6dd5c776b417a8bd693e7f252fc047e2bb49eba562e3851719754e1630479d061a6ae37f6293e598ba042c376f668ee5b0296c8a8

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks