Overview

overview

10

Static

static

ColisFR210...202.js

windows7_x64

10

ColisFR210...202.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ColisFR210512010J00202.js

  • Size

    782KB

  • Sample

    210623-jkesqvfhc6

  • MD5

    f975d03ad1cc50935dc385a3a91d3df3

  • SHA1

    0bffedeae3d8e0a52d9f7b8d143232e653ebc352

  • SHA256

    6f6504835638f4a55666af25325774f44cc44c0f0e6e7d726dfeb7ca6c586e84

  • SHA512

    891af6a53fb54e65b872ba4fec1d522ee7ea269ccd5349e26cb62e2c2770b5c62a3fd1db1967ccb544a342e9e47a9efbb97c38db87f7323895db3ade33109b1e

Score
10/10
vjw0rmtrojanworm

Malware Config

Targets

    • Target

      ColisFR210512010J00202.js

    • Size

      782KB

    • MD5

      f975d03ad1cc50935dc385a3a91d3df3

    • SHA1

      0bffedeae3d8e0a52d9f7b8d143232e653ebc352

    • SHA256

      6f6504835638f4a55666af25325774f44cc44c0f0e6e7d726dfeb7ca6c586e84

    • SHA512

      891af6a53fb54e65b872ba4fec1d522ee7ea269ccd5349e26cb62e2c2770b5c62a3fd1db1967ccb544a342e9e47a9efbb97c38db87f7323895db3ade33109b1e

    Score
    10/10
    vjw0rmtrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks