vjw0rm

General

Target

Invoice remittance 52286.js
Size

317KB
Sample

210902-5cy7q2njf2
MD5

c0fd4d06d9d01680a307ffcf75355352
SHA1

2daeb72092e39bcf668815ab472c6010436f5e47
SHA256

e3f3d8e11b4dcac7bc9f7ba3e88659ecfabe9e03b42c9728ff01d1ee73ba0261
SHA512

0ee84815dd36fb7ffbe5d07427fb0c2849795b50be115fa92b813ba823f8c7d4a2031f1d2c70ccd02cb148fe3106e0a8dc5d804162de0007fa7155b92e984f74

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n64d

C2

http://www.bughtmisly.com/n64d/

Decoy

hayominta.com

dunstabzug.website

fafmediagroup.com

keepamericagreatagain-again.com

15jizhi.com

hachiden.net

manifestarz.com

bridgeschc.com

floving.com

tintaalairelibre.com

ditsawong.com

dabanse.com

choiceschristianliving.com

pcojapan-online.com

unityinsport.com

hersvin.com

suhaizat.com

vitaliyvs.com

equipmunks.com

yfhzx.com

Targets

- Target
  
  Invoice remittance 52286.js
- Size
  
  317KB
- MD5
  
  c0fd4d06d9d01680a307ffcf75355352
- SHA1
  
  2daeb72092e39bcf668815ab472c6010436f5e47
- SHA256
  
  e3f3d8e11b4dcac7bc9f7ba3e88659ecfabe9e03b42c9728ff01d1ee73ba0261
- SHA512
  
  0ee84815dd36fb7ffbe5d07427fb0c2849795b50be115fa92b813ba823f8c7d4a2031f1d2c70ccd02cb148fe3106e0a8dc5d804162de0007fa7155b92e984f74
Score

10^/10

vjw0rm xloader n64d loader persistence rat trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2