Overview

overview

10

Static

static

MT103 PAYM...pdf.js

windows7_x64

10

MT103 PAYM...pdf.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MT103 PAYMENT_ANCHORS_4263782872.pdf.rar

  • Size

    126KB

  • Sample

    210905-mjt29scgap

  • MD5

    bc8827784fd40343853c431583ce356c

  • SHA1

    d5754b78ac23e511170aecf565ee32d4eb7b33d0

  • SHA256

    b1d7f328f02090c7524ec638e8f89efdd405a4821dd9e28cb7dac125b2615179

  • SHA512

    103c3895dfc28b1cb330b849e6297f26c792ca4d5da563fa996b7572fb6c28957823f8161d8af841729ba8e9b05df47cba195b2477b1aaf69c28bb4371a69361

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      MT103 PAYMENT_ANCHORS_4263782872.pdf.js

    • Size

      205KB

    • MD5

      f924ea1d9a529af64d57c5daa6f55bab

    • SHA1

      e39ec476abb7acce4e713f15fb121ceed72b12c2

    • SHA256

      872339e661e1a90638d6981b8b09d56cccebdfdfad0fabb2c5100f4c05bccce7

    • SHA512

      3d59266b9bbfa01dd4c694faa42f53d8c87eae2698cfdfdd941eaa6cfaeeb2383c0fdf4deb32f4c0ecaf8ffa671737ee7d6acbd186ef8ee3c0ef85e79719140c

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks