Overview

overview

10

Static

static

cd6b788372...8d3.js

windows7-x64

10

cd6b788372...8d3.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec87b49270ad1afb170890fc4644bd59.bin

  • Size

    160KB

  • Sample

    230116-kv5xssce85

  • MD5

    0d55b80e369a32a3c3703d24297d5238

  • SHA1

    950bec469cb649dc3cff83a6859f8a7ec14d688c

  • SHA256

    dd30f86bb328a8ae6f2d5d12610b83c4bb632127e5b28086b4e0c548746cb2ba

  • SHA512

    a812561f59a0f1584f6bf88306bb8c6e20b5bbd3cc70bb44af088712962c69672df4a32ef92e202d79993f8cda38e1376d822653063dc476dbf07e287a8c22ac

  • SSDEEP

    3072:4HTscu7YMv4cU+KlnERtz4e1xyF14zRVTf4wT03LOmxrE/ApphT:4T5OYMv6rJERtMeS74zvTAGOOmNLT

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      cd6b788372fc6c577a7f0de514ee7a4ed42da59b866581ddeb0e6c38228428d3.js

    • Size

      260KB

    • MD5

      ec87b49270ad1afb170890fc4644bd59

    • SHA1

      997f47e7d0bd7bc4ba59c2b737c0b5e108858b62

    • SHA256

      cd6b788372fc6c577a7f0de514ee7a4ed42da59b866581ddeb0e6c38228428d3

    • SHA512

      2daa9b36563380a3d55f2a0ec8ddbd1b8fe5d045acb9b98fb210af0e861ed523adef67ee791680e9a9608733e89ba274507ed2405ac9191f62e01f709f19162f

    • SSDEEP

      6144:EPP/pyxHpiGSxCXJZTv+jCtMX1/MJIUDKi:EPHpyR17r+jCtMl/kD9

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks