vjw0rm | 44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a | Triage

Submit
Reports

Overview

overview

Static

static

8

44ceb0661c...1a.doc

windows7_x64

44ceb0661c...1a.doc

windows10_x64

Sharing

General

Target

44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
Size

15KB
Sample

210817-2rqvqze3tj
MD5

7667baf4600d631f7aab1299604c9e8d
SHA1

ba5e3292901e3703621e81d23a9c8486ad42b835
SHA256

44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
SHA512

fb85252cd011972a1ea4658cc5b9f9a80d6bdc2bd7219b4d04cbfb5eff5ee4e935addd1b5e104a9679ea4badfbde342b4df776de61343018e963b0308407c3a5

Score

10^/10

vjw0rm macro trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a.doc

Resource

win7v20210410

vjw0rm trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a.doc

Resource

win10v20210410

vjw0rm trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cdn.discordapp.com/attachments/869602547248283711/877244888020840448/Main.png

Targets

- Target
  
  44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
- Size
  
  15KB
- MD5
  
  7667baf4600d631f7aab1299604c9e8d
- SHA1
  
  ba5e3292901e3703621e81d23a9c8486ad42b835
- SHA256
  
  44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
- SHA512
  
  fb85252cd011972a1ea4658cc5b9f9a80d6bdc2bd7219b4d04cbfb5eff5ee4e935addd1b5e104a9679ea4badfbde342b4df776de61343018e963b0308407c3a5
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm

© 2018-2024

Terms | Privacy