General

  • Target

    js-decoded-1.js

  • Size

    346KB

  • Sample

    211208-tkyv6sgcc8

  • MD5

    241d3041e2bb264cf886eff9fc3de24e

  • SHA1

    7f3fe68b0ef727fca62441cff8eea28c5cd51941

  • SHA256

    e817bd6a89f5bc3ee448e3c39e5c4739cf010bb815d087ecdd1b5e1f30c04959

  • SHA512

    078b8f61b2afeefdf283d6e8f6b33986fc3500788b8d77e7672fc6aae70221ac140d850f91401a3e65a8996f49b4c9babdabac7071d7ea40adc84c62e9bbddc0
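
Before relying on this report, confirm that the file in hand is the same object the sandbox analysed. The following helper is an added example, not part of the report: it hashes a file with every algorithm the General section lists and compares the digests against the values above. The "partial" verdict (some digests match, others do not) cannot occur for a genuine file and is a sign of a mistranscribed or tampered IOC list.

```python
import hashlib
import sys
from pathlib import Path

# Digests copied exactly from the report's General section for js-decoded-1.js.
REPORT_HASHES = {
    "md5": "241d3041e2bb264cf886eff9fc3de24e",
    "sha1": "7f3fe68b0ef727fca62441cff8eea28c5cd51941",
    "sha256": "e817bd6a89f5bc3ee448e3c39e5c4739cf010bb815d087ecdd1b5e1f30c04959",
    "sha512": "078b8f61b2afeefdf283d6e8f6b33986fc3500788b8d77e7672fc6aae70221ac"
              "140d850f91401a3e65a8996f49b4c9babdabac7071d7ea40adc84c62e9bbddc0",
}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory buffer for every algorithm in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hashers so large samples are not read four times."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_to_report(hashes: dict, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags plus two verdicts.

    'all'     - every digest matches: this is the analysed sample.
    'partial' - some digests match and others do not. A real file cannot
                produce this, so it flags a bad IOC list rather than a match.
    """
    result = {algo: hashes.get(algo, "").lower() == digest.lower()
              for algo, digest in report.items()}
    result["all"] = all(result[algo] for algo in report)
    result["partial"] = any(result[algo] for algo in report) and not result["all"]
    return result


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py FILE")
    target = Path(sys.argv[1])
    verdict = compare_to_report(hash_file(target))
    state = "MATCH" if verdict["all"] else ("PARTIAL (suspect IOC list)" if verdict["partial"] else "no match")
    print(f"{target.name}: {state}")
```

The script reads the file once and feeds each chunk to all four hashers, so it is safe to point at large samples; the exit status is left to the caller so it can be wired into a triage pipeline.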

Malware Config

Targets

    • Target

      js-decoded-1.js

    • STRRAT

      STRRAT is a Java-based remote access trojan that can steal credentials and log keystrokes.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript; it also propagates as a worm via removable drives.

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
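
Three of the behavioural signatures above (Run key persistence, Startup-folder drop, external IP lookup) map directly onto host telemetry. The following is an added example, not part of the report, showing how a detection engineer might re-implement them over Sysmon-style events. The event records are constructed for illustration, the list of IP-lookup hosts is an assumed subset of well-known services, and nothing here asserts which process the sandbox actually observed.

```python
import re

# Registry autostart locations the "Adds Run key" signature is concerned with.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Per-user and all-users Startup folders ("Drops startup file").
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Legitimate external-IP lookup services. Assumed illustrative list, not taken from the report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com",
}


def classify(event: dict) -> list:
    """Return the report signature names that a single Sysmon-like event satisfies.

    EventID 13 = registry value set, 11 = file create, 22 = DNS query.
    """
    hits = []
    eid = event.get("EventID")
    if eid == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        hits.append("Adds Run key to start application")
    if eid == 11 and STARTUP_DIR_RE.search(event.get("TargetFilename", "")):
        hits.append("Drops startup file")
    if eid == 22 and event.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    return hits


def triage(events) -> dict:
    """Map every fired signature to the events that triggered it."""
    fired = {}
    for ev in events:
        for sig in classify(ev):
            fired.setdefault(sig, []).append(ev)
    return fired


# Constructed sample events shaped like Sysmon fields; these are not from the report.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\js-decoded-1",
     "Details": r"wscript.exe //B C:\Users\user\AppData\Roaming\js-decoded-1.js"},
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-1.js"},
    {"EventID": 22, "Image": r"C:\Program Files\Java\bin\javaw.exe", "QueryName": "api.ipify.org"},
    # Benign noise that must not fire anything.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Users\user\Documents\notes.txt"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "QueryName": "example.org"},
]


if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

The IP-lookup rule is deliberately host-based rather than process-based: these services are legitimate, so the signal is only meaningful when correlated with the other signatures, which is exactly how the sandbox reports it.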

MITRE ATT&CK Enterprise v6

Tasks