Overview

overview

10

Static

static

AWB NO - 3...35.jar

windows7-x64

10

AWB NO - 3...35.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AWB NO - 3806763435.zip

  • Size

    135KB

  • Sample

    221123-hvdr7sed78

  • MD5

    ab1cd0e853cbb790431ac8f4661d579f

  • SHA1

    50eaad883f8c6c3510249ea651c3199b63be0c1e

  • SHA256

    3a9af8224393536fac93308404bb47ff08a650f3ed2049a2a92641cd0b1fd562

  • SHA512

    939c39cc88732b1fbd8971c5e0db0b6c4d9ff146745996a11be2f33f2551ebd5873c2e470b3da946021d6ebda00473fdfa4ecc3b0478febbaf0a9d71fc379010

  • SSDEEP

    3072:pf6PMliTasMFimQsjUUDt/6sz8DoXyKlgzqL:pf6PKi2OmQsjbth9XyKl2qL

Score
10/10
vjw0rmtrojanworm

Malware Config

Targets

    • Target

      AWB NO - 3806763435.jar

    • Size

      135KB

    • MD5

      f3ea82bc0cc2257700a03772803f33ba

    • SHA1

      4a3b8f5db62c2b8da10c12f303c793d4c906154c

    • SHA256

      637d0ad48e3a475f7b025f1c9fe9baf21644f56e8cb80191b442cadb4fdd9ca6

    • SHA512

      09a18567c0955b0a0a8e626d5bd8e7fd92229276cd750a07788a14ad8ab9ff86a1f86e6e601e49bac1ba5f0c3c6cb70aa56eb18381fee0557c760c5f7949c798

    • SSDEEP

      3072:mf6XMlidasMjimQsBqUDt/Gsz8DSXyKlQwy:mf6XKisgmQsB5tlBXyKlQwy

    Score
    10/10
    vjw0rmtrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks