General

  • Target

    1ZXSAOPKH09SA_PAYMENT-COPY.js

  • Size

    9.0MB

  • Sample

    230223-lffvsshc3y

  • MD5

    2e2078339793c66d19efb2c4b642ccb1

  • SHA1

    714ae2b2c1ac173e5539c95d4594c0d3ed4aa438

  • SHA256

    15473e094a9ec464cce7a31879bc27eec654a43ea27239bd7f56afa333a59a7c

  • SHA512

    e184bf67a29fcc8b01afb9d225b57fc33e3b3cc905c01f585a5a417b6c106d8f2aeaf3133cd4b2f3c7aa5dec517096356e46f3ee2f05953fdd0c6af63191ac44

  • SSDEEP

    96:BZH1uy6XIUoN2lcJc9l8SVinV2F2uFInZW6cNxTGji578Gji5rmjiQD0wGji57ty:BZVh7yeSQnV2F2AIZW3NxT78i0w7t

Malware Config

Extracted

Family

vjw0rm

C2

http://jamnnd.duckdns.org:8024

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tactic, technique (technique ID), count:

  • Execution

    Scheduled Task (T1053), 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1

    Scheduled Task (T1053), 1

  • Privilege Escalation

    Scheduled Task (T1053), 1

  • Defense Evasion

    Modify Registry (T1112), 1

  • Discovery

    Query Registry (T1012), 2

    System Information Discovery (T1082), 2

Tasks