Overview

overview

10

Static

static

bb93b746dc...81.iso

windows7_x64

3

bb93b746dc...81.iso

windows10-2004_x64

4

#ZGSOPW8K90.js

windows7_x64

10

#ZGSOPW8K90.js

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb93b746dc07c5c60e6b19404e1f89001a1e523e35c75b8f64b36c125d13fb81

  • Size

    70KB

  • Sample

    220206-zmv5ysbhfp

  • MD5

    41d22f10ce4703a4dec9b015642226c3

  • SHA1

    d38547f6bfb75c2cad5f8c1355cd616383963a13

  • SHA256

    bb93b746dc07c5c60e6b19404e1f89001a1e523e35c75b8f64b36c125d13fb81

  • SHA512

    4f36ef5ab819644eaa8d32342c95bb4eefdd1884009d3c9c718186aed0659aef10fb3e453443d172d2403f60b9bceb24daa9a6846e9ec3f545e6642b5c16e412

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      bb93b746dc07c5c60e6b19404e1f89001a1e523e35c75b8f64b36c125d13fb81

    • Size

      70KB

    • MD5

      41d22f10ce4703a4dec9b015642226c3

    • SHA1

      d38547f6bfb75c2cad5f8c1355cd616383963a13

    • SHA256

      bb93b746dc07c5c60e6b19404e1f89001a1e523e35c75b8f64b36c125d13fb81

    • SHA512

      4f36ef5ab819644eaa8d32342c95bb4eefdd1884009d3c9c718186aed0659aef10fb3e453443d172d2403f60b9bceb24daa9a6846e9ec3f545e6642b5c16e412

    Score
    4/10
    behavioral1behavioral2

    • Target

      #ZGSOPW8K90.js

    • Size

      9KB

    • MD5

      ae8557fa1481775c784fe476178a3e15

    • SHA1

      f6f9eb5eac66b7b121d4500adaebdb02b0adc75b

    • SHA256

      4debfb4af8e27a5a3d8065ecca05fdf6ba1b16ed8e8485970fdf1680a6ad89ca

    • SHA512

      0e3df716b8f5a5f9ed58a4afb0f40a2c880bccd6bfa456a37bd8061ea85e4ebf509600db0bf0dfb7f3ff10b360817ab1cead6026a5b851a5e20d03d05218757d

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

5
T1082

Query Registry

3
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks