vjw0rm

General

Target

PAYMENT SLIP.js
Size

729KB
Sample

211216-j7vf6accar
MD5

085113cb8916d7a3a31640f56e1cf857
SHA1

32c0250d89f8c632fd2df14e056b74826a258752
SHA256

77fb77cd4b1780a5d28c3aac47572f51c7e6ca4c729a21b2ce19810b9933a382
SHA512

1215ef4a2754d6b7c9105040e74ed70de624a964008284432fe98750ec92d2d538a675b0353c18ccbceb056efb9a16033254523c2bf7c0c2519e2d3f0a9f1c12

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pzi0

Decoy

laylmodest.com

woruke.club

metaverseslots.net

syscogent.net

aluxxenterprise.com

lm-solar.com

lightempirestore.com

witcheboutique.com

hometech-bosch.xyz

expert-netcad.com

poteconomist.com

mycousinsfriend.biz

shineveranda.com

collegedictionary.cloud

zqlidexx.com

businessesopportunity.com

2utalahs4.com

participatetn.info

dare2ownit.com

varser.com

Targets

- Target
  
  PAYMENT SLIP.js
- Size
  
  729KB
- MD5
  
  085113cb8916d7a3a31640f56e1cf857
- SHA1
  
  32c0250d89f8c632fd2df14e056b74826a258752
- SHA256
  
  77fb77cd4b1780a5d28c3aac47572f51c7e6ca4c729a21b2ce19810b9933a382
- SHA512
  
  1215ef4a2754d6b7c9105040e74ed70de624a964008284432fe98750ec92d2d538a675b0353c18ccbceb056efb9a16033254523c2bf7c0c2519e2d3f0a9f1c12
Score

10^/10

vjw0rm xloader pzi0 loader persistence rat suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2