Overview

overview

10

Static

static

NS882992019101.vbs

windows7_x64

10

NS882992019101.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NS882992019101.vbs

  • Size

    13KB

  • Sample

    210824-4nt2esv3hn

  • MD5

    1abbd5432118e4de7c696d5d43a7449f

  • SHA1

    49fea89d7fc9f8be3afa2fd1b0ae9b6075c0acbf

  • SHA256

    b4489a7f0467bee2782b5e5cf74763d0c05148a9044092eb79aba7c588f35f99

  • SHA512

    7012990308d3b7e451c65b1bc1e26693a04e1bd63f3c3d735538fbb4e9092d87b3ed323a45231004fcbd3795c11803477d8c1645cf1d2b9c0fc915150161b31f

Score
10/10
vjw0rmtrojanworm

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://7501.nerdpol.ovh/7501/fr.txt

Targets

    • Target

      NS882992019101.vbs

    • Size

      13KB

    • MD5

      1abbd5432118e4de7c696d5d43a7449f

    • SHA1

      49fea89d7fc9f8be3afa2fd1b0ae9b6075c0acbf

    • SHA256

      b4489a7f0467bee2782b5e5cf74763d0c05148a9044092eb79aba7c588f35f99

    • SHA512

      7012990308d3b7e451c65b1bc1e26693a04e1bd63f3c3d735538fbb4e9092d87b3ed323a45231004fcbd3795c11803477d8c1645cf1d2b9c0fc915150161b31f

    Score
    10/10
    vjw0rmtrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks