Overview

overview

10

Static

static

f9ab5d8e62...b2.iso

windows7_x64

3

f9ab5d8e62...b2.iso

windows7_x64

3

f9ab5d8e62...b2.iso

windows10_x64

10

f9ab5d8e62...b2.iso

windows10_x64

3

FedEx Shipment.js

windows7_x64

10

FedEx Shipment.js

windows7_x64

10

FedEx Shipment.js

windows10_x64

10

FedEx Shipment.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4849368900468736.zip

  • Size

    13KB

  • Sample

    211130-kkktwaedhq

  • MD5

    ae7f0fbb06732ca9cea1fd875ec20cbb

  • SHA1

    ab7e2da380f745377e930acf8430d84c32be7f05

  • SHA256

    ca4f5e21e40cebc6dcc711b89aa8ec71815bf8eea358768c037fde6dea26bc11

  • SHA512

    b3ac1fd44d8945bfbfb1c379f7b017624b666e65e56b253dea197e019edd41bfbc534e0b0358a54a7ed3c7691441101a56da5cb558f27e648c7f7497d724ff7a

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://spdxx.ddns.net:5050

http://javaslinns.duia.ro:1333

Targets

    • Target

      f9ab5d8e6203bb615b809013ebf72b9a5cb6fc34aafcbba273cd38e561ef5eb2

    • Size

      86KB

    • MD5

      e70297cec555e96a3982fd80dcefcceb

    • SHA1

      a7004501eb5cdc8014ba3e9c2cdcea98ae4329e2

    • SHA256

      f9ab5d8e6203bb615b809013ebf72b9a5cb6fc34aafcbba273cd38e561ef5eb2

    • SHA512

      728de99f11b0c738d14b9c3c535c2dabea497a4ba3a15a93928a8dcde776a60c7a39b1f6815c37f08696fd1afe1d7c73cd96775920b1c89469cafa7affcd7524

    Score
    10/10
    persistence

    • Registers COM server for autorun

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4

    • Target

      FedEx Shipment.js

    • Size

      25KB

    • MD5

      b5eec680d7588b496a4aa50223bc9714

    • SHA1

      99cc3d44d5c78a39867f72b98a0fb1235b4bcd24

    • SHA256

      259834c6e97251fc59c520e4f0591983cf6b1f414703e0c71b37482f7aea8509

    • SHA512

      9c4218eb3f641fe02e8f4003b4fce928ef10d1d996ec0575bb4d823ca190e2f2b2d2a3cbc3678cdd2b94bfdc2c3d31aa97b144c47f7fcbcaaf0d682441bf74ac

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Registers COM server for autorun

      persistence

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Enterprise v6

Tasks