Overview

overview

10

Static

static

1

9e872de711...ad9.js

windows7-x64

10

9e872de711...ad9.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e872de7115891e5eea6c64be9164ad9

  • Size

    195KB

  • Sample

    231222-qj7j5sffdq

  • MD5

    9e872de7115891e5eea6c64be9164ad9

  • SHA1

    c279eb494fbf5cd0a398fb02c4b10e8728b4198b

  • SHA256

    019a6c3f10ef4440d4c08462eaca4acca8f58e16bc375c0483336368bc919457

  • SHA512

    b9d651f7f4bc7edbd4f66c0acad209bcbc3268a648a02cff5b19b5f30eafe2c6e1ade7ce617f4b16433585cf3aa3f13a25f665a7541371af0e587c2a472453db

  • SSDEEP

    3072:WY+n3QxmgBp64aCMyf1m67IYGP8RLI/VvsY4h34VruWwuUwWrFPv5:63y7Meh7gP3uTh34VrhwuVWrFPv5

Score
10/10
vjw0rmdiscoverypersistencetrojanworm

Malware Config

Targets

    • Target

      9e872de7115891e5eea6c64be9164ad9

    • Size

      195KB

    • MD5

      9e872de7115891e5eea6c64be9164ad9

    • SHA1

      c279eb494fbf5cd0a398fb02c4b10e8728b4198b

    • SHA256

      019a6c3f10ef4440d4c08462eaca4acca8f58e16bc375c0483336368bc919457

    • SHA512

      b9d651f7f4bc7edbd4f66c0acad209bcbc3268a648a02cff5b19b5f30eafe2c6e1ade7ce617f4b16433585cf3aa3f13a25f665a7541371af0e587c2a472453db

    • SSDEEP

      3072:WY+n3QxmgBp64aCMyf1m67IYGP8RLI/VvsY4h34VruWwuUwWrFPv5:63y7Meh7gP3uTh34VrhwuVWrFPv5

    Score
    10/10
    vjw0rmpersistencetrojanwormdiscovery

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks