Overview

overview

10

Static

static

5bed3acd_i...l4H.js

windows7_x64

10

5bed3acd_i...l4H.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5bed3acd_ijm1WfCl4H

  • Size

    901KB

  • Sample

    210910-fppamscdcp

  • MD5

    5bed3acd00a2c4a7f40d0a90f712279f

  • SHA1

    04ee09c5ca9227991e240fb8fadf0ab04358791f

  • SHA256

    d4276b4b8112c9cd47f919bbec2dd4c411c18e3727b8232e89240652b9becc1c

  • SHA512

    aea4ff20e67d2452cbb64cf1fab93e5376155c0f216bf75a2e41eee9a9477cf63b131fee13211e310f81dbdfd754870238a9f402d69767b7e23a2a1e50392c42

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      5bed3acd_ijm1WfCl4H

    • Size

      901KB

    • MD5

      5bed3acd00a2c4a7f40d0a90f712279f

    • SHA1

      04ee09c5ca9227991e240fb8fadf0ab04358791f

    • SHA256

      d4276b4b8112c9cd47f919bbec2dd4c411c18e3727b8232e89240652b9becc1c

    • SHA512

      aea4ff20e67d2452cbb64cf1fab93e5376155c0f216bf75a2e41eee9a9477cf63b131fee13211e310f81dbdfd754870238a9f402d69767b7e23a2a1e50392c42

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks