General

  • Target

    script.ps1

  • Size

    3KB

  • Sample

    220816-afcycscca7

  • MD5

    b76eaa56add03e68ff85fe826d3c613c

  • SHA1

    efcf463aac56b459561b4cd6c8e0b06cf3f001c3

  • SHA256

    43173f4b9444300961120fa5b3ab3bb9e893816ec9060cbf7144538e2ad177f6

  • SHA512

    61f1ff4fc51ae18b704130f088a28e08195001dda22af3254967ae8dd9b65d9521afd8751070c3baeed2ad8377e7fa5597791c2c3a41ad58c4c4ba1e9bc36b31

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.81.157.47:9405

Targets

    • Target

      script.ps1

    Score
    10/10

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

MITRE ATT&CK Matrix

Tasks