General

  • Target

    Inv_#9045.js

  • Size

    3KB

  • Sample

    210405-tb8cal79rx

  • MD5

    bd2ef974ff2ac7645c9c1249c6f09c67

  • SHA1

    2f91d738794f8dc4e18e61d2ebd138e9cee26118

  • SHA256

    999b0576efee65a6c79f2fdc6e6f0d3aca3965d9e3f6193d88d452a5f507fc4e

  • SHA512

    65d7b23e6b0d99c73b6a0b8588c15c84ecfd3a5e2aa6e6cbeb4e2204479881b9587cc5dd84d097a1a4a95182fc83c0e41ab4683bab1783af6528e78eb7946303

Malware Config

Targets

    • Target

      Inv_#9045.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks