General

  • Target

    Income tax return for Dircon Construction LLC.wsf

  • Size

    137KB

  • Sample

    230825-sg67pseg6t

  • MD5

    1d733488ff0c33ff91b29d6ba0218ab5

  • SHA1

    588633522abe168911aa9f0566ebd4c8f7db869e

  • SHA256

    0bafff7ce08cfb66ce61ad3cb87d0373c54d8460606813b365121799d2da377a

  • SHA512

    4529e92369efa0d76af65d8a19b06a730f7022d16be56c1b9e2a566eff94aada06094aee0ca13d75584b4dd941b914fcc540c7d4f7811a25104e02208ac23f29

  • SSDEEP

    768:sXh/6FXh/6qXh/6FXh/6XXh/6AXh/6/Xh/6nXh/6TXh/6zXh/6kXh/69Xh/6BXhe:CNxkbO

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://50.114.32.155:7974

Targets

    • Target

      Income tax return for Dircon Construction LLC.wsf

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
