Overview

overview

10

Static

static

IMG-02100.js

windows7_x64

10

IMG-02100.js

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a705935e929145d90364f982002c75b7

  • Size

    555KB

  • Sample

    220627-qv9hwabfbp

  • MD5

    a705935e929145d90364f982002c75b7

  • SHA1

    5e288fa75d1cb35338107b23e34abc5b80373a13

  • SHA256

    bd93c23a662de94fafd902c069a4999e651fe3333034eec1deb09c2e26a6dd3b

  • SHA512

    8f472c64e9e37f837657ad612be8bf6b5d19f49e47228c270ee3ffff9c0a597d5e515e79c81c6f668fe0e2efd411a647f06178d0babddf988ddf6cbe068076d6

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      IMG-02100.js

    • Size

      347KB

    • MD5

      e869daed2a101e37df329f54350baac5

    • SHA1

      82cd02f5668b730646b1ead1c23e72ccaedb56f0

    • SHA256

      7d87428b37ec7ffe4e99b34737d777ba2df35b51f990488d68ecaa6521de1164

    • SHA512

      12f7832246e43d77ceeaded76f82ed06ff81f95ca97bb1fe994f32479dcb365d9a43f799b5ca06fc6e791e31cf7637777b58241c93133bac8d8282e60f3c9c11

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks