vjw0rm | a3bda5240c364f1afd8a70384330092c99eb8d1c0133cf0c2e4e0dfaf927d6d8 | Triage

Submit
Reports

Overview

overview

Static

static

a3.exe

windows7_x64

a3.exe

windows10_x64

Sharing

General

Target

a3.exe
Size

166KB
Sample

210818-1vl8l3ezls
MD5

4c8b8d244f471478ad5c6bb4babb279e
SHA1

d7a22176243764fa8e499405597d612eb36cfbbd
SHA256

a3bda5240c364f1afd8a70384330092c99eb8d1c0133cf0c2e4e0dfaf927d6d8
SHA512

608e69ea5e59b4a00359ec3dc5b65da689ff1908e6ee0ad5a8824fd774fcfb39abaedfe3c84142734a3d12019844196e0e5b4fe1f00e76c251662f4677b148ff

Score

10^/10

vjw0rm suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

a3.exe

Resource

win7v20210410

vjw0rm suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a3.exe

Resource

win10v20210408

vjw0rm suricata trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cdn.discordapp.com/attachments/869602547248283711/877244888020840448/Main.png

Targets

- Target
  
  a3.exe
- Size
  
  166KB
- MD5
  
  4c8b8d244f471478ad5c6bb4babb279e
- SHA1
  
  d7a22176243764fa8e499405597d612eb36cfbbd
- SHA256
  
  a3bda5240c364f1afd8a70384330092c99eb8d1c0133cf0c2e4e0dfaf927d6d8
- SHA512
  
  608e69ea5e59b4a00359ec3dc5b65da689ff1908e6ee0ad5a8824fd774fcfb39abaedfe3c84142734a3d12019844196e0e5b4fe1f00e76c251662f4677b148ff
Score

10^/10

vjw0rm suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmsuricatatrojanworm

behavioral2

vjw0rmsuricatatrojanworm

© 2018-2024

Terms | Privacy