Overview

overview

10

Static

static

Invoice ADP70619.js

windows7_x64

10

Invoice ADP70619.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice ADP70619.js

  • Size

    3KB

  • Sample

    210607-vgcrayjwen

  • MD5

    43059a61dd9f2a43b72be4ba04c48104

  • SHA1

    e79db9eed8cdab5c4b7d3e3ab4ff2663cb8c004e

  • SHA256

    32182e80111bcf11598afd083771f670236aa170f125f0d94504280703838c72

  • SHA512

    7f898081815bb5f6d55757f73b88dc10eb174464788580d29c4da9ccf160337aa88c31e0049e8081a3732e98311853cd67ab6347bc5d2cdbbc3ec49942174b99

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      Invoice ADP70619.js

    • Size

      3KB

    • MD5

      43059a61dd9f2a43b72be4ba04c48104

    • SHA1

      e79db9eed8cdab5c4b7d3e3ab4ff2663cb8c004e

    • SHA256

      32182e80111bcf11598afd083771f670236aa170f125f0d94504280703838c72

    • SHA512

      7f898081815bb5f6d55757f73b88dc10eb174464788580d29c4da9ccf160337aa88c31e0049e8081a3732e98311853cd67ab6347bc5d2cdbbc3ec49942174b99

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks