General

  • Target

    PAYMENT SWIFT.jar

  • Size

    81KB

  • Sample

    221006-l1m5lshaa9

  • MD5

    5f49f9e0adbfb9aa8a3001511918e219

  • SHA1

    3f5e25c46c605fa5e9e2681b1a7e3003802580e3

  • SHA256

    2a6d83a4c367c9f0d23874ee32aa05c30e5d80e13d4b9d7d31ac5f7b0308eeff

  • SHA512

    28d60b13919bfb812e7c99b63edd558b2e6a05c27b1dae9bd4dbaf6aa0c6a5942ddd0f553bf2f909cf18380b3e2e0e6ca8acca661e1cd905ba217a95a75948c8

  • SSDEEP

    1536:yEru81UBVOdxyo5g8puLyGuB/+78WSrjHynsrHYtHSyDMmFeWuaWvVGApDt7p+zL:frueUBWW8pFHBkCnWAYVS+MautkApDtU

Score
10/10
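The digests above are the report's identifiers for this sample. The following added example, which is not part of the sandbox report, checks a local file against them using only the Python standard library. The IOC values are copied from the General section; the function names and the "partial" verdict rule are this example's own assumptions. It treats a file as the known sample only when all four digests agree, and separately flags a file that matches some digests but not others, which is what a typo in the list or a collision against the weaker MD5 or SHA1 would look like.

```python
"""Verify a local file against the hashes listed in this report.

Added example, not part of the sandbox report: the IOC values below are the
ones printed in the General section above; everything else (function names,
the partial-match rule) is this example's own design.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterable

# Digests copied from the report for PAYMENT SWIFT.jar (81KB).
REPORT_IOCS: Dict[str, str] = {
    "md5": "5f49f9e0adbfb9aa8a3001511918e219",
    "sha1": "3f5e25c46c605fa5e9e2681b1a7e3003802580e3",
    "sha256": "2a6d83a4c367c9f0d23874ee32aa05c30e5d80e13d4b9d7d31ac5f7b0308eeff",
    "sha512": (
        "28d60b13919bfb812e7c99b63edd558b2e6a05c27b1dae9bd4dbaf6aa0c6a594"
        "2ddd0f553bf2f909cf18380b3e2e0e6ca8acca661e1cd905ba217a95a75948c8"
    ),
}


def digests(data: bytes, algorithms: Iterable[str] = REPORT_IOCS) -> Dict[str, str]:
    """Compute the requested hashlib digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def compare_iocs(data: bytes, iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Per-algorithm agreement between the data and the listed values."""
    computed = digests(data, iocs)
    return {name: computed[name] == expected.lower() for name, expected in iocs.items()}


def classify(data: bytes, iocs: Dict[str, str] = REPORT_IOCS) -> str:
    """'match' only when every listed digest agrees.

    'partial' covers the case where some digests agree and others do not:
    either a typo in the IOC list or a deliberate collision against one of
    the weaker algorithms (MD5, SHA1). It is never the same file, so treat it
    as a finding to investigate rather than a confirmed hit.
    """
    results = compare_iocs(data, iocs)
    if all(results.values()):
        return "match"
    if any(results.values()):
        return "partial"
    return "mismatch"


def scan_directory(root, iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, str]:
    """Classify every regular file under root.

    Returns path -> verdict for anything that is not a clean mismatch.
    """
    findings: Dict[str, str] = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            verdict = classify(path.read_bytes(), iocs)
            if verdict != "mismatch":
                findings[str(path)] = verdict
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, verdict in scan_directory(target).items():
        print(f"{verdict:8s} {found_path}")
```

Run it as `python check_iocs.py /path/to/quarantine` (file name is an assumption). The SSDEEP line in the report is a fuzzy hash and is not checked here; compare it with the `ssdeep` tool, which reports a similarity score between files rather than an exact match, so it can find recompiled or repacked variants that the exact digests above will miss.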

Targets

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to continue based on the victim's locale.

    • Drops startup file
