General

  • Target

    ER8NSOWUNA.js

  • Size

    8KB

  • Sample

    210722-b9x8hyyxqa

  • MD5

    0d75df466a9ab3ec0decd6d186423903

  • SHA1

    af6f88ff79b19b885650160eb11971d94ce81e10

  • SHA256

    555b5c53b23a062843fdcafa1296709d36176b22249aef65f207460d4bdbf490

  • SHA512

    e5d14ff15bdab8bc2c382ea97416e65983836fc86548c2a4f1fb6ee033e3fbd9a37f3de6cc7df631d23d607a8e6ad5c29e4a09e699a33488071152d6268994ad
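The four digests above are the indicators a responder would sweep for on other hosts. The following is an added example, not part of the report or of the sandbox's own tooling: it hashes each file once with all four algorithms, compares the result against the indicator set, and walks a directory tree without aborting on unreadable files. The indicator values are copied from the report; the scanned files in the demo are constructed placeholders, not the analysed sample.

```python
import hashlib
import os
import tempfile

# Indicators copied from the report above: the four digests of ER8NSOWUNA.js.
SAMPLE_IOCS = {
    "md5": "0d75df466a9ab3ec0decd6d186423903",
    "sha1": "af6f88ff79b19b885650160eb11971d94ce81e10",
    "sha256": "555b5c53b23a062843fdcafa1296709d36176b22249aef65f207460d4bdbf490",
    "sha512": "e5d14ff15bdab8bc2c382ea97416e65983836fc86548c2a4f1fb6ee033e3fbd9"
              "a37f3de6cc7df631d23d607a8e6ad5c29e4a09e699a33488071152d6268994ad",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, read once in chunks so
    large files never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=SAMPLE_IOCS):
    """Return the sorted list of algorithms whose digest equals the indicator.

    Comparison is case-insensitive because feeds mix upper- and lower-case hex.
    Any single hit is reported; an MD5- or SHA1-only hit is worth confirming
    against SHA256, since feeds carry typos and both algorithms are collision-prone."""
    return sorted(name for name in ALGORITHMS
                  if name in iocs and digests.get(name) == iocs[name].lower())


def scan_tree(root, iocs=SAMPLE_IOCS):
    """Walk a directory tree; return {path: [matched algorithms]} for hits only."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # locked, unreadable or vanished file: skip it, do not abort
            if matched:
                hits[path] = matched
    return hits


def demo():
    """Constructed demo data (not the real sample): a benign placeholder named
    like the target, plus a second file whose own digests are then used as
    indicators, so the second scan is expected to produce exactly one hit."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "ER8NSOWUNA.js"), "wb") as fh:
            fh.write(b"// placeholder content, not the analysed sample\n")
        planted = os.path.join(tmp, "planted.js")
        with open(planted, "wb") as fh:
            fh.write(b"WScript.Echo('constructed test content');\n")
        hits_real = scan_tree(tmp)                         # against the report's IOCs
        hits_planted = scan_tree(tmp, hash_file(planted))  # against the planted file's digests
        return hits_real, {os.path.basename(p): a for p, a in hits_planted.items()}


if __name__ == "__main__":
    real, planted = demo()
    print("hits against report IOCs:", real)      # {} unless the real sample is present
    print("hits against planted IOCs:", planted)  # {'planted.js': ['md5', 'sha1', 'sha256', 'sha512']}
```

Hashing every algorithm in one pass matters on large trees: the I/O dominates, not the digest computation, and the SHA512 indicator here is as cheap to check as the MD5 once the bytes are already in memory.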

Malware Config

Targets

    • Target

      ER8NSOWUNA.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript. It arrives as a .js file (here ER8NSOWUNA.js), which Windows hands to the Windows Script Host (wscript.exe) by default file association; the three signatures below are the persistence and network behaviour observed in this run.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application
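The three signatures above are what a detection engineer would want to reproduce from endpoint telemetry. The following is an added example, not part of the report or of the sandbox's own rule set: it applies equivalent rules to a constructed list of Sysmon-style events (registry value set, file create, network connect) and then correlates findings per process, because a lone Run key write is usually a legitimate installer while persistence plus a script host reaching the network from the same process is the behaviour set this report lists. The process blocklist, the event field names and every sample event are assumptions for illustration; the signature names and the T1060 mapping come from the report.

```python
import re
from dataclasses import dataclass

# Assumed blocklist: script hosts and LOLBins that rarely need network access on
# a workstation. The report does not publish the sandbox's actual list.
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "mshta.exe",
                      "regsvr32.exe", "rundll32.exe", "powershell.exe"}
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

# Both locations map to the ATT&CK v6 technique the report cites (T1060).
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\(run|runonce)\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
SCRIPT_EXT_RE = re.compile(
    r"\.(" + "|".join(e.lstrip(".") for e in sorted(SCRIPT_EXTENSIONS)) + r")\b", re.I)


@dataclass
class Finding:
    event_index: int
    pid: int
    signature: str      # named as in the report's behaviour list
    technique: str      # ATT&CK v6 ID as used in the report's matrix, or ""
    detail: str
    high_confidence: bool


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _extension(path):
    name = _basename(path)
    return name[name.rfind("."):] if "." in name else ""


def _mentions_script(text):
    low = text.lower()
    return any(img in low for img in BLOCKLISTED_IMAGES) or bool(SCRIPT_EXT_RE.search(low))


def evaluate(events):
    """Apply the three behaviour rules from the report to a list of event dicts."""
    findings = []
    for idx, ev in enumerate(events):
        kind, pid, target = ev.get("type"), ev.get("pid", -1), ev.get("target", "")
        if kind == "RegistrySetValue" and RUN_KEY_RE.search(target):
            data = ev.get("data", "")
            findings.append(Finding(idx, pid, "Adds Run key to start application", "T1060",
                                    f"{target} = {data}", _mentions_script(data)))
        elif (kind == "FileCreate" and STARTUP_DIR_RE.search(target)
              and _extension(target) in SCRIPT_EXTENSIONS):
            findings.append(Finding(idx, pid, "Drops startup file", "T1060", target, True))
        elif kind == "NetworkConnect" and _basename(ev.get("image", "")) in BLOCKLISTED_IMAGES:
            # The report's matrix lists no command-and-control technique for this signature.
            findings.append(Finding(idx, pid, "Blocklisted process makes network request", "",
                                    f"{ev.get('image')} -> {ev.get('dest', '?')}", True))
    return findings


def suspicious_processes(findings, min_signatures=2):
    """PIDs that triggered at least `min_signatures` distinct signatures."""
    by_pid = {}
    for f in findings:
        by_pid.setdefault(f.pid, set()).add(f.signature)
    return {pid for pid, sigs in by_pid.items() if len(sigs) >= min_signatures}


# Constructed sample telemetry (not from the report): one script host doing all
# three things, plus benign noise from an updater and a browser.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\user\Downloads\ER8NSOWUNA.js"'},
    {"type": "FileCreate", "pid": 4120,
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ER8NSOWUNA.js"},
    {"type": "RegistrySetValue", "pid": 4120,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\ER8NSOWUNA",
     "data": r'wscript.exe //B "C:\Users\user\AppData\Roaming\ER8NSOWUNA.js"'},
    {"type": "NetworkConnect", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "dest": "203.0.113.10:7788"},
    {"type": "RegistrySetValue", "pid": 2210,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
     "data": r'"C:\Program Files\Example\updater.exe" /background'},
    {"type": "NetworkConnect", "pid": 3020, "image": r"C:\Program Files\Browser\browser.exe",
     "dest": "198.51.100.5:443"},
]

if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for f in found:
        print(f"[{f.technique or '-----'}] pid={f.pid} {f.signature}: {f.detail}")
    print("suspicious pids:", suspicious_processes(found))  # {4120}
```

The updater's Run key write is still reported (it is the same signature the sandbox fires), but it lands with `high_confidence=False` and never reaches the correlated set; the script host does, because persistence and network activity share one PID.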

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                             ID      Matched signatures
  Execution              Scheduled Task                        T1053   1
  Persistence            Registry Run Keys / Startup Folder    T1060   1
  Persistence            Scheduled Task                        T1053   1
  Privilege Escalation   Scheduled Task                        T1053   1
  Defense Evasion        Modify Registry                       T1112   1
  Discovery              System Information Discovery          T1082   1

  The IDs are ATT&CK v6, as the report states. In later ATT&CK releases T1060 was folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1053 became Scheduled Task/Job with sub-techniques, so map accordingly before correlating with rules written against the current matrix.

Tasks