General

  • Target

    N504152014.vbs

  • Size

    222B

  • Sample

    210723-2g3j756kra

  • MD5

    1cbd83f1bf2a1b9644a771224fee3f6d

  • SHA1

    1530b6e0a924738a8786065c55bf8f3089177bef

  • SHA256

    71f139d6eb543057497ad49270cac90d1edbc0d6f0201e85e21ca0f05efb30bc

  • SHA512

    82b079ffd2a211800262728123e1cf9786e0b1399f94d77773b308e179709b18735ab152de2f1687ab7b4a4a3145ba30ae9a8182b61c90b97337841caa6a305a

Score
10/10

Malware Config

Targets

    • Target

      N504152014.vbs

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks