General

  • Target

    DHL_INVOICE DOCUMENTS.pdf.js

  • Size

    39KB

  • Sample

    221223-e1d4daba2z

  • MD5

    728ad59ffec76f58dce2aa113c5c42c3

  • SHA1

    fede8848c27498a5a0d5f3738410aa996271654e

  • SHA256

    48ef19b9669fe0fa15daa9a81eab58f28ea9c4a4d01c502422bf71e7a882eaee

  • SHA512

    f3a3ede48e4e1c4ece4381e66950b3e713dc4a484ecb195feaf860c24d4169fe7d635d34a9ec4c707f8339e288b047eeb8807ad8aa125c4f26ccb385b633de43

  • SSDEEP

    768:sjLTSr8U0fXfpYiLnkSl5hjs/2JqmT9Kj+VcegMsx1ict:SrUMY+9l5hjs/2JqmT9KS2jx4ct

Malware Config

Targets

    • Target

      DHL_INVOICE DOCUMENTS.pdf.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
