General

  • Target: d76d9fa7fa75a31b2a62804c8925a1c352f407831865bebc005b7f01676b5ac9.zip
  • Size: 931KB
  • Sample: 230330-dkv7aaag59
  • MD5: 545337ae5445b7c35960208378096edf
  • SHA1: 998b1630d342bd229fe78632bc9162b45d74d7e7
  • SHA256: be642fbf0a49582e7fee104a7d8dad9eebd11e3ec175256a8a6c86b7fe93bb0c
  • SHA512: b2f2cb97e0c9fbd512b5ac0fac45476033705cd15d291178ecbd520af1b1a60c691ebb2ae98ac68a258394b73af3b80c0f845c49f80db56a5dbeb9dfa333395b
  • SSDEEP: 24576:HEUhHo8J+e8TAzKmI2NmqrFd00XBnEvrDWUIbe3cqhEpN4Ale7I4e:H3GHtAzKr2NFzp2/Wmsg7E

Malware Config

Targets

    • Target: d76d9fa7fa75a31b2a62804c8925a1c352f407831865bebc005b7f01676b5ac9.js
    • Size: 4.5MB
    • MD5: 9cf2c793029ae8dd84a387ba66e8c432
    • SHA1: 48f6d8e5c4f55434a3d1fdc1531bd37fb6248d10
    • SHA256: d76d9fa7fa75a31b2a62804c8925a1c352f407831865bebc005b7f01676b5ac9
    • SHA512: 33dd2fbc290c8feb31570e200f469729d5385e3f214edb4299b47bd841a0cd24a9ea211808e6c58cef63a812b27558852dbed2daf0cfac8953b3d028fd019848
    • SSDEEP: 24576:8NLb0+2xYFsLoDw9svltZ7r55HNYYkY4WOxbZQCgvRo5PD1rMLSeGU0pOlBY9Pcw:3ueQa

    • Vjw0rm
      Vjw0rm is a remote access trojan written in JavaScript.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Adds Run key to start application
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks