General

  • Target

    PO202104-114.js

  • Size

    202KB

  • Sample

    211202-ty883adee8

  • MD5

    5c4f47782fb4bfdeb29d59b6c9650286

  • SHA1

    62300fcfeaa7b749cfd7850b94024f362189af11

  • SHA256

    2e0f76b60d0374094c685eca1e37895a7307df72ab16d4bb552911a21b6a36cd

  • SHA512

    b699e44ceaf19ceab872eb7c743a0492eacc2ebb515906b7d5d28767159b14fc18adabd56f1bcb07fd1bcd169a3d1f74cab59ad8ee7643741796639103dce7b5

Malware Config

Targets

    • Target

      PO202104-114.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
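
The behaviour signatures above map directly onto host telemetry. As an added example (not part of this sandbox report, and not the sandbox's own detection logic), the Python below encodes each signature as a rule over Sysmon-style events and runs the rules against constructed records. The only indicator taken from the report is the sample's SHA256; field names and event IDs follow Sysmon (1 = process create, 3 = network connection, 11 = file create, 13 = registry value set); the user name, paths and value names in the events are constructed, and the list of IP-lookup hosts is an assumption, since the report does not say which service the sample queried. "Loads dropped DLL" is left out because it needs a file-create to image-load correlation rather than a single-event rule.

```python
"""Map the behaviour signatures from the report onto Sysmon-style host telemetry.

Added example, not code from the sandbox or from the malware.  The events
below are constructed for illustration; the only indicator taken from the
report is the sample's SHA256.  Field names and event IDs follow Sysmon
(1 = process create, 3 = network connection, 11 = file create,
13 = registry value set).  The IP-lookup host list is an assumption.
"""
import re
from collections import defaultdict

SAMPLE_SHA256 = "2e0f76b60d0374094c685eca1e37895a7307df72ab16d4bb552911a21b6a36cd"

# Windows script hosts that should rarely persist or talk to the internet.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Assumed list of public IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com",
                   "checkip.dyndns.org", "ipinfo.io", "ifconfig.me"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_FILE_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf|hta)\b", re.I)


def image_name(path: str) -> str:
    """Basename of an Image path, lowercased, so rules compare on the binary name."""
    return path.rsplit("\\", 1)[-1].lower()


# --- one rule per signature named in the report ---------------------------

def known_sample_hash(ev: dict) -> bool:
    """Process create whose Hashes field carries the report's SHA256."""
    return ev["id"] == 1 and SAMPLE_SHA256 in ev.get("Hashes", "").lower()


def adds_run_key(ev: dict) -> bool:
    """Run/RunOnce value written by a script host, or whose data launches a script file."""
    if ev["id"] != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return False
    return (image_name(ev["Image"]) in SCRIPT_HOSTS
            or bool(SCRIPT_FILE_RE.search(ev.get("Details", ""))))


def drops_startup_file(ev: dict) -> bool:
    """Script file created inside a Startup folder."""
    target = ev.get("TargetFilename", "")
    return (ev["id"] == 11 and bool(STARTUP_DIR_RE.search(target))
            and bool(SCRIPT_FILE_RE.search(target)))


def blocklisted_process_network(ev: dict) -> bool:
    """Any outbound connection made by a script host."""
    return ev["id"] == 3 and image_name(ev["Image"]) in SCRIPT_HOSTS


def external_ip_lookup(ev: dict) -> bool:
    """Connection to one of the assumed public IP-lookup services."""
    return ev["id"] == 3 and ev.get("DestinationHostname", "").lower() in IP_LOOKUP_HOSTS


RULES = {
    "Known sample hash": known_sample_hash,
    "Adds Run key to start application": adds_run_key,
    "Drops startup file": drops_startup_file,
    "Blocklisted process makes network request": blocklisted_process_network,
    "Looks up external IP address via web service": external_ip_lookup,
}


def triage(events):
    """Return {signature name: [event indexes]} for every rule that fired."""
    hits = defaultdict(list)
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(i)
    return dict(hits)


# Constructed telemetry (not from the report): one infected host plus benign noise.
WSCRIPT = r"C:\Windows\System32\wscript.exe"
EVENTS = [
    {"id": 1, "Image": WSCRIPT,
     "CommandLine": r'wscript.exe "C:\Users\alice\Downloads\PO202104-114.js"',
     "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"id": 13, "Image": WSCRIPT,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\PO202104-114",
     "Details": r'wscript.exe //B "C:\Users\alice\AppData\Roaming\PO202104-114.js"'},
    {"id": 11, "Image": WSCRIPT,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\PO202104-114.js"},
    {"id": 3, "Image": WSCRIPT, "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"id": 13, "Image": r"C:\Program Files\Vendor\setup.exe",  # benign installer persistence
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r'"C:\Program Files\Vendor\updater.exe" /quiet'},
    {"id": 3, "Image": r"C:\Program Files\Browser\browser.exe",  # benign browsing
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for name, idx in triage(EVENTS).items():
        print(f"{name}: events {idx}")
```

The benign installer writes a Run value too, but it is not a script host and its value data launches an .exe, so the Run-key rule stays quiet; the rule keys on the script host and script extension rather than on the Run key alone, which is what keeps it usable on a fleet where installers write Run values all day. The same network event fires both the blocklisted-process rule and the IP-lookup rule, matching how the report lists them as separate signatures.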

MITRE ATT&CK Enterprise v6

Tasks