Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7

  • Size

    542KB

  • Sample

    230514-alpjcacd6y

  • MD5

    30260b612d994b6c7e5ff1febcb9a157

  • SHA1

    64d927347d0c0786527532d86949919c076321c1

  • SHA256

    e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7

  • SHA512

    8500466304076fd8fe5165b7e8b00830ffd530a9d7949b01dfd49131381da6ea3330bcbe8a8e1db9fce11395300334339c475ea33bef9dc0eab489c104aed7c5

  • SSDEEP

    12288:UfIub9KMhn1PtO9yD34A81qsEh67FplSb2N8AF+IxOSEEmQiv0df8s/RcSklTWk:kIuYAJ4Ms/bh

Score
10/10
vjw0rmwshratpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://vj7974.duckdns.org:7974

Targets

    • Target

      e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7

    • Size

      542KB

    • MD5

      30260b612d994b6c7e5ff1febcb9a157

    • SHA1

      64d927347d0c0786527532d86949919c076321c1

    • SHA256

      e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7

    • SHA512

      8500466304076fd8fe5165b7e8b00830ffd530a9d7949b01dfd49131381da6ea3330bcbe8a8e1db9fce11395300334339c475ea33bef9dc0eab489c104aed7c5

    • SSDEEP

      12288:UfIub9KMhn1PtO9yD34A81qsEh67FplSb2N8AF+IxOSEEmQiv0df8s/RcSklTWk:kIuYAJ4Ms/bh

    Score
    10/10
    vjw0rmwshratpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • WSHRAT

      WSHRAT is a variant of Houdini worm and has vbs and js variants.

      trojanwshrat

    • WSHRAT payload

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks