General

  • Target

    NEAS.cb9180e29f04c5cb798032bfc44d4810.vir

  • Size

    236KB

  • Sample

    231105-jm4jbscf4s

  • MD5

    cb9180e29f04c5cb798032bfc44d4810

  • SHA1

    694bf337ac85528ca316d6becee3144e68df2aa3

  • SHA256

    6faec8bf17abcfc03ce14e3b125d545f2f5d72548a59e814d7e279281210e770

  • SHA512

    59b7f3363bc32df6e1283c3022897f439d4972baf5ba63027a17f981609d34743a6e26a2e0753900f1f79e9a1215e9b95c79660748bb14949aef955821631141

  • SSDEEP

    3072:7Wu1AT2XJAvZBEkHiMg3mMlbYH+2JDLCGPERQ3:7Wu1AT2XJAvZB3HxpMlbYH+sLCGPqQ3

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
