Overview

overview

10

Static

static

Details.pdf.js

windows7_x64

10

Details.pdf.js

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Details.pdf.js

  • Size

    562KB

  • Sample

    220623-gm124aeff3

  • MD5

    cb59237d6204d65a220eac88ad0af4e5

  • SHA1

    64304835929c67739b2aba280dcd0f9761925440

  • SHA256

    880764b02a05b427918594f017fa9c1fa3e9e8255506d542c302eb93380b0be8

  • SHA512

    ccd966e2c4e9715d0e46fe4e3c9f331c591757ffe184deaec93797271a77c12d86ad5e00d1b90fc4aa829a38016e3b38344bc711556c8026a0397f9d66bcea9a

Score
10/10
vjw0rmwarzoneratinfostealerpersistencerattrojanworm

Malware Config

Targets

    • Target

      Details.pdf.js

    • Size

      562KB

    • MD5

      cb59237d6204d65a220eac88ad0af4e5

    • SHA1

      64304835929c67739b2aba280dcd0f9761925440

    • SHA256

      880764b02a05b427918594f017fa9c1fa3e9e8255506d542c302eb93380b0be8

    • SHA512

      ccd966e2c4e9715d0e46fe4e3c9f331c591757ffe184deaec93797271a77c12d86ad5e00d1b90fc4aa829a38016e3b38344bc711556c8026a0397f9d66bcea9a

    Score
    10/10
    vjw0rmwarzoneratinfostealerpersistencerattrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks