General

  • Target

    e-Receipt.js

  • Size

    9.0MB

  • Sample

    230328-hvy35she49

  • MD5

    ac20d33a1161d432ff3da4edd95d9ec1

  • SHA1

    0987458070aea7ee90101b31f59621bbdd123718

  • SHA256

    0d83155e7cb3df97f1b07f18528d3f955b07b7f79d3d4942a1ec22607e08936a

  • SHA512

    18b528853ca23a801b653335e384d8cf66a0473c98eff4ea1e31ab5c7edb36f59cc6df8ce2f59ce137ab4d3ca559f9c64085fe20d6879c33bb9f501993abb483

  • SSDEEP

    192:CZVh7E1Uy2h2ZgKnzDyIlvwEvhlgpZ8QvwYd:0Vm1Uiz2swcgpCowYd

Malware Config

Extracted

Family

vjw0rm

C2

http://demon666.duckdns.org:9011

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks
