General

  • Target: Dekont.zip.zip
  • Size: 17KB
  • Sample: 231012-mgnsgada61
  • MD5: c8bfaf469b71bf6dd1e50541d590135d
  • SHA1: 6692283e2931d603d8cae27790f3ebc15844b503
  • SHA256: 6f99bf12062ceef775d487c08e144365581766a83c1db9d77f8e7aec5200b8a5
  • SHA512: a84557616e46e3bccf0f7e96fc04474a042e70dd41518f75f8eb2f37049b28916ec1fd750c92fd7254e1d2b1e164508a525cb30b340072e6297c5e1919e86e41
  • SSDEEP: 384:zvdEhSJTAsU+ms7jq78DDkicAjpLYKHfDVM6JzkZjJAyAS3bPZkY6yks6R9:zvVJ4s7jq72gAjPfRHz0bApvync9

Malware Config

Targets

    • Target: Dekont.js
    • Size: 24KB
    • MD5: a009678a453e743ca3b705eedbc11da0
    • SHA1: d0cadeb8a36a4b31d11c6b0e863a7da83c065d12
    • SHA256: 1212ff50fe2a273f343459baeb52dd3c3c52352d253447bfce423d378b8b7d56
    • SHA512: 6aa0d8455bb7db70971886ec80c20648da35ec5ef3c6b80f5b3fefa21156aa21b23ccd6e65f066018dd1f5a45d45a8bcaecd2511ffbea9a734eb0de1292c85f3
    • SSDEEP: 768:w8zez+dgOrfp0rYOaNnWGUkUj/N3uO6O2Qtl:3zez+dgC+rpaRR/CF6O2QX

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15