Overview

overview

10

Static

static

d0bbf57aae...b2.iso

windows7_x64

3

d0bbf57aae...b2.iso

windows10_x64

3

image006.png.js

windows7_x64

10

image006.png.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5158953814753280.zip

  • Size

    54KB

  • Sample

    220104-ev281sadfl

  • MD5

    2c0b7a9afbfc632f896b2cdad4940a5c

  • SHA1

    23361b6e70d4bd672706dbf9dbbcb6fbfb9996dd

  • SHA256

    e17f108dbdae317833c6a8771493512e0a773b5357c2535e1eba22fca1975477

  • SHA512

    b986621141d634dbf913ce4bf5b9a5827e0755942d64faaf91ec9d59e3ac203a9d37b1ef6bf8cc4503bd5ba23aac4117c6c8692e6edb9c750c38ab077941798b

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://spdxx.ddns.net:5050

Targets

    • Target

      d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2

    • Size

      270KB

    • MD5

      faa422c6ccfe96edff7000ebef7b5776

    • SHA1

      d9d72c12edecd7218b15f1554515f79bde997f72

    • SHA256

      d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2

    • SHA512

      2f39df9b952074d1b10c880671896770681f1e736bf57271c5790d20afcf9cc41e7180cea3c07aa2dd60808eda85a389696f7529f50a38e374d34d5a0e782dce

    Score
    3/10
    behavioral1behavioral2

    • Target

      image006.png.js

    • Size

      209KB

    • MD5

      e6860fcf7fd568970643d88ddc7d87cd

    • SHA1

      fef07c35b5cb90b850f920b222b7cf005c03b199

    • SHA256

      bae95e206861f753435369c3ca6b6c4bc655bd8a6f461c150785b1899766d55b

    • SHA512

      85d9eb5e92a593de8c170a92f1d7d67fdb5ca4bc57b0a865a4a81d626873ae316514293eb77730b0d1a11136c4696adb413f5c071a227aed9f00e048a9b18f8b

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks