Overview

overview

10

Static

static

1

Scanned.js

windows7-x64

10

Scanned.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scanned.js

  • Size

    3KB

  • Sample

    230804-1arsfaee26

  • MD5

    d65a553af676282e15cb3ab7cf998998

  • SHA1

    dd76b76df265973b7aea2f3ffaba45123024f05c

  • SHA256

    e99599c5b1407b96f88bfcca51264c13d7ff5e7d00c2c3868636b575bb06fcae

  • SHA512

    d7ca6988dfda70a9e390ebe2a65c2a01bd0fe2407df8be83276a1f31781b1bc143daad40ff90310d0fe78c3beffc3b817b8c32637de732c049689d12b62ab4a7

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://jsgrouplimited.duckdns.org:9614

Targets

    • Target

      Scanned.js

    • Size

      3KB

    • MD5

      d65a553af676282e15cb3ab7cf998998

    • SHA1

      dd76b76df265973b7aea2f3ffaba45123024f05c

    • SHA256

      e99599c5b1407b96f88bfcca51264c13d7ff5e7d00c2c3868636b575bb06fcae

    • SHA512

      d7ca6988dfda70a9e390ebe2a65c2a01bd0fe2407df8be83276a1f31781b1bc143daad40ff90310d0fe78c3beffc3b817b8c32637de732c049689d12b62ab4a7

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks