General

  • Target

    23102023_2233_Order_1000213789.PDF.js

  • Size

    24KB

  • Sample

    231023-rw77wabb74

  • MD5

    1b5fde2efe79bc0ec4d22a1d91760165

  • SHA1

    00aa16c286726482769c0ae381ca0a6f5a4a5209

  • SHA256

    e991bba3a39d36461d64ed184bead6cb4eba71c1d0091d20d304cb80ab7e5ae5

  • SHA512

    17db34f6848ce5f9be41389b6694fa156badb31c6b7e90840c87a9f32b4f7f9394adea664b8de41185458c2098dd6771ab481cc3313167919943f64f37d960ca

  • SSDEEP

    384:z3YzEX81ndQeyn3mp0QEXvuJSWK7Zv73IMZKrnM52Q0zBtQ3ogtOhHKTAKDS:DYzEXkda3mtEWJXKNTICKPsntyKTJu

Malware Config

Extracted

Family

vjw0rm

C2

http://severdops.ddns.net:5050
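The extracted C2 is the indicator most worth operationalising from this report. The script below is an added example (not part of the Triage report or the vjw0rm sample) that splits the C2 string into the parts a hunt should key on and runs it over constructed proxy and DNS log lines; the log layouts are loose Squid-style and "timestamp client qname qtype" shapes invented for the example, and the function names are this example's own.

```python
from urllib.parse import urlsplit

# The C2 string exactly as extracted in the report above.
C2_URL = "http://severdops.ddns.net:5050"


def parse_c2(url: str) -> dict:
    """Split the extracted C2 into the parts a hunt should key on.

    Key on the hostname, not on whatever IP it resolves to today: a dynamic-DNS
    name (here under ddns.net) can be repointed by the operator at any time.
    """
    u = urlsplit(url)
    default_port = 443 if u.scheme == "https" else 80
    return {"scheme": u.scheme, "host": u.hostname.lower(), "port": u.port or default_port}


# Constructed sample logs (not from the report). Proxy lines follow a Squid-like
# layout: timestamp elapsed client status bytes method url ...
PROXY_LOG = """\
1698100000.123   45 10.0.0.15 TCP_MISS/200  512 GET  http://severdops.ddns.net:5050/ - HIER_DIRECT/203.0.113.7 text/html
1698100001.456   12 10.0.0.22 TCP_MISS/200 2048 GET  http://example.com/ - HIER_DIRECT/198.51.100.1 text/html
1698100002.789   30 10.0.0.15 TCP_MISS/200  300 POST http://severdops.ddns.net:5050/ - HIER_DIRECT/203.0.113.7 text/plain
1698100003.000   20 10.0.0.40 TCP_MISS/200  100 GET  http://SEVERDOPS.ddns.net/ - HIER_DIRECT/203.0.113.7 text/html
"""
# Constructed DNS query lines: timestamp client qname qtype
DNS_LOG = """\
1698099999.900 10.0.0.15 severdops.ddns.net A
1698100000.100 10.0.0.22 example.com A
1698100050.000 10.0.0.31 SEVERDOPS.DDNS.NET. A
"""


def hunt_proxy(log_text: str, c2: dict) -> list:
    """Return every proxy request to the C2 host. port_match records whether the
    request also used the port from the config; a host-only hit is still a hit,
    because the operator controls both the name and the port."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        client, method, url = f[2], f[5], f[6]
        u = urlsplit(url)
        if not u.hostname or u.hostname.lower() != c2["host"]:
            continue
        port = u.port or (443 if u.scheme == "https" else 80)
        hits.append({"client": client, "method": method, "url": url,
                     "port_match": port == c2["port"]})
    return hits


def hunt_dns(log_text: str, c2: dict) -> list:
    """Return the clients that resolved the C2 hostname (case-insensitive,
    trailing dot tolerated), deduplicated in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        client, qname = f[1], f[2].lower().rstrip(".")
        if qname == c2["host"] and client not in seen:
            seen.append(client)
    return seen


if __name__ == "__main__":
    c2 = parse_c2(C2_URL)
    print(c2)
    for h in hunt_proxy(PROXY_LOG, c2):
        print("proxy", h)
    print("dns", hunt_dns(DNS_LOG, c2))
```

Matching is deliberately done on the hostname rather than on the resolved address: the constructed fourth proxy line shows a request to the same name on port 80, which still deserves a look even though it does not match the configured port.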

Targets

    • Target

      23102023_2233_Order_1000213789.PDF.js

    • Size

      24KB

    • MD5

      1b5fde2efe79bc0ec4d22a1d91760165

    • SHA1

      00aa16c286726482769c0ae381ca0a6f5a4a5209

    • SHA256

      e991bba3a39d36461d64ed184bead6cb4eba71c1d0091d20d304cb80ab7e5ae5

    • SHA512

      17db34f6848ce5f9be41389b6694fa156badb31c6b7e90840c87a9f32b4f7f9394adea664b8de41185458c2098dd6771ab481cc3313167919943f64f37d960ca

    • SSDEEP

      384:z3YzEX81ndQeyn3mp0QEXvuJSWK7Zv73IMZKrnM52Q0zBtQ3ogtOhHKTAKDS:DYzEXkda3mtEWJXKNTICKPsntyKTJu

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript; a delivered .js file such as this one runs under the Windows Script Host when opened.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Drops startup file

    • Adds Run key to start application
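The two persistence signatures above ("Drops startup file" and "Adds Run key to start application") are the host-side behaviours worth hunting for once the C2 is blocked. The script below is an added example, not code from the report or from the sample: it classifies constructed event records shaped like Sysmon Event ID 11 (FileCreate) and 13 (RegistryEvent, value set), flagging Run values that launch a script host or a script file, and script files dropped into a Startup folder. It also checks for the document-plus-script double extension seen in this sample's filename (.PDF.js). The event contents, value names and paths are invented for the example; the report does not state which key or value name the sample uses.

```python
import re

# Script extensions the Windows Script Host will execute on double-click.
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh)$", re.IGNORECASE)
# Run / RunOnce keys under any hive (HKLM, HKU\<SID>, HKCU).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
WSH_HOST = re.compile(r"(^|\\)[wc]script\.exe\b", re.IGNORECASE)
# Document extension followed by a script extension, e.g. Order_123.PDF.js
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx)\.(js|jse|vbs|vbe|wsf)$", re.IGNORECASE)

# Constructed events (assumed shape; field names follow Sysmon's, values are invented).
EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Order_1000213789",
     "Details": r"wscript.exe //B C:\Users\victim\AppData\Roaming\23102023_2233_Order_1000213789.PDF.js"},
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23102023_2233_Order_1000213789.PDF.js"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r'"C:\Program Files\Vendor\updater.exe" /background'},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Downloads\report.pdf"},
]


def double_extension(name: str) -> bool:
    """True for lure names that hide a script behind a document extension."""
    return bool(DOUBLE_EXT.search(name))


def classify_event(ev: dict):
    """Return a finding label for one event, or None if it looks benign.

    A Run value is only flagged when it launches wscript/cscript or names a
    script file directly; ordinary installers write Run values too, and the
    vendor updater below must not trip the rule.
    """
    eid = ev.get("EventID")
    if eid == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
        details = ev.get("Details", "").strip().strip('"')
        if WSH_HOST.search(details) or SCRIPT_EXT.search(details):
            return "run_key_launches_script"
    if eid == 11 and STARTUP_DIR.search(ev.get("TargetFilename", "")):
        if SCRIPT_EXT.search(ev["TargetFilename"]):
            return "startup_folder_script"
    return None


def hunt(events: list) -> list:
    """Return (label, writing process, target) for every suspicious event."""
    findings = []
    for ev in events:
        label = classify_event(ev)
        if label:
            target = ev.get("TargetObject") or ev.get("TargetFilename")
            findings.append((label, ev["Image"], target))
    return findings


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(*f)
    print("double extension:", double_extension("23102023_2233_Order_1000213789.PDF.js"))
```

Sysmon does not record registry reads, so the "Checks computer location settings" signature cannot be hunted this way; it is a sandbox observation, not a persistence artefact, and the value of knowing about it is that the sample may stay dormant in a sandbox whose locale does not match the target region.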

MITRE ATT&CK Enterprise v15

Tasks