General

  • Target

    RECEIPT_SHIPPING_009898766.js

  • Size

    5KB

  • Sample

    210716-avmhvlkaqx

  • MD5

    6c675ed9076cdfe383565ce2aa744d8b

  • SHA1

    1e241c076f98a877805aead8c10ec1eb93c758d8

  • SHA256

    c7f0fcb6edc78e2ab1e6d54d3a5f420785e3cfb2ffef15cd5dda15ef3fe51b0a

  • SHA512

    c721ae27bd565f08621b6cd533fa36e1cc97f1a16b7ad741022852c31af1fa277858181d446fd2deb272b5670e0cb8a7c02cac39724e2278c80bd46c1aff1af3

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                              ID      Hits
  Execution              Scheduled Task                         T1053   1
  Persistence            Registry Run Keys / Startup Folder     T1060   1
  Persistence            Scheduled Task                         T1053   1
  Privilege Escalation   Scheduled Task                         T1053   1
  Defense Evasion        Modify Registry                        T1112   1
  Discovery              System Information Discovery           T1082   1