General

  • Target

    5597f148d24f8999fa0e961445c95d0b854a8c296a46cb92db48ddbc1ecc341f.js

  • Size

    1.1MB

  • Sample

    221222-3xy65saf8s

  • MD5

    38384d69c165b100f3e0bb9628feab41

  • SHA1

    e5d43d8c4e69c1b11eb0e98bef644440e7a1ea5a

  • SHA256

    5597f148d24f8999fa0e961445c95d0b854a8c296a46cb92db48ddbc1ecc341f

  • SHA512

    e0cd055fd8dbcbeca87826e5f91ffdcc5b2aed225a9aa6136d1ee9538d9ca2d4ec9fe8d7d50bb9acaddb475b789c5cd9bbd9f78d0f3b8aa5074fd911f5672d3b

  • SSDEEP

    12288:GtHYDeDuDLzi5Zvhxuw/9qfuu7u0mqY4KjqjxXlb67SlkEbDVk:Y7xp9qfuu7u0mqY4K+SmlkEXVk

Malware Config

Targets

    • Target

      5597f148d24f8999fa0e961445c95d0b854a8c296a46cb92db48ddbc1ecc341f.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks