General

  • Target

    js (2).js

  • Size

    68KB

  • Sample

    221202-csfk5ahb6x

  • MD5

    c1c77d014849645fd2802f7e4f421bd1

  • SHA1

    0ffe0908f44ba65fa664a1d6a82de61e71690845

  • SHA256

    355d77dfeedf4cf7d5641618598a55b2571eb227c5f6cbda810acc143c4c2bcc

  • SHA512

    f4b107e3123b3f52dbc3dd21c491acb1fc81f366f6ade87f8e1a2aa50695a26b86aa8d1e1c40139f8095577f1b2b211f788f9f9b0d9abf4f7a7ccb1e37df7329

  • SSDEEP

    1536:eET4c9hSc/PbwG+j/UZABcxGI1BG0yz3pLS2Xmi0jd:eEsc9p/DT+kwI1BHw8

Targets

    • Target

      js (2).js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
