Overview

overview

10

Static

static

RESULTADOS...a c.js

windows7_x64

10

RESULTADOS...a c.js

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    resultados_certificados_0125874561489464564645125198764534343964 .bz2

  • Size

    3KB

  • Sample

    220713-d6pxdsced3

  • MD5

    7d631df3a76fc840ccc233cb797942b1

  • SHA1

    cde0eb8370b2566fd1708be82ab59fa674c910fd

  • SHA256

    4cf06fcccda0a8c98714cf5f4e8f1a2a069a45a27bd7e7067bc16b2c69570af4

  • SHA512

    bfebd11efead2182532dee801da55cf00240e8915fb039e8a781ce3d64ba5682da7dce95f0376b064768e29be2a4dcc281f451857323bc3840a8467ad40d00f6

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://vjwm.duckdns.org:39741

Targets

    • Target

      RESULTADOS CERTIFICADOS 0125874561489464564645125198764534343964 reporte negativo puede afectar la calificación de su crédito y la posibilidad de otorgamiento de nuevas operaciones crediticias por parte de las diferentes en.js

    • Size

      7KB

    • MD5

      474380e737dfb500e792341ebc824104

    • SHA1

      95c409c810967cb9244b488f73df0fc87b1d8b07

    • SHA256

      b13ec4db17581d63d49db60ecba0aac715a43c88978f7dc6a94b916d580fef43

    • SHA512

      c45d7bb450c6be7860b090dcb8e866171c714996ce5079fefad077ee3b08880549c1bf70a48ccbfe68d47bdc81c57b153264be1dc842ee16e624e9df71ffc46d

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks