vjw0rm | b71e66c2f3dd88356df6c1bb0cab806156e91bed324c376b45cae58ce051ceff | Triage

Sharing

General

Target

f875ce20d9473d5dd74d2e0382fb32ba
Size

311KB
Sample

231222-vdb89scha8
MD5

f875ce20d9473d5dd74d2e0382fb32ba
SHA1

a9b75554d7cb9eae3f06c2b9f3b7cf60617b32d8
SHA256

b71e66c2f3dd88356df6c1bb0cab806156e91bed324c376b45cae58ce051ceff
SHA512

1eccb095f0bd41fb28879a726d8257b3a30cc487efa33fe24f2be2899596ee99bc54179d7003493aec50e55f6e6beac77616a9a8d9c3d80e4cb4a0244c33c4fe
SSDEEP

6144:X/Rfo2A0XbJtYp+JPNqRvhQoACsix01v8sPgMBZe9c/slHWiqIWvfQwc:mkFtYwPNqRGrCG9rYML/FjvI

Score

10^/10

vjw0rm xloader wqos loader persistence rat trojan worm

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wqos

Decoy

nobis.one

firecrestfineart.com

zhongqiaolw.com

healthcaremovement.com

amothersloveliberates.com

maskscafe.com

dkukkmk.icu

realmindofmitch.com

cranes-crossing.com

deeplyrootedplants.com

doodlesbakery.com

xiaomagu.com

lactase-enzym.com

comprartecnologia.com

making-my-new-normal.com

ruksamin.com

inforko.com

2mblueprint.com

pinkfang.com

100daysofbush.com

Targets

- Target
  
  f875ce20d9473d5dd74d2e0382fb32ba
- Size
  
  311KB
- MD5
  
  f875ce20d9473d5dd74d2e0382fb32ba
- SHA1
  
  a9b75554d7cb9eae3f06c2b9f3b7cf60617b32d8
- SHA256
  
  b71e66c2f3dd88356df6c1bb0cab806156e91bed324c376b45cae58ce051ceff
- SHA512
  
  1eccb095f0bd41fb28879a726d8257b3a30cc487efa33fe24f2be2899596ee99bc54179d7003493aec50e55f6e6beac77616a9a8d9c3d80e4cb4a0244c33c4fe
- SSDEEP
  
  6144:X/Rfo2A0XbJtYp+JPNqRvhQoACsix01v8sPgMBZe9c/slHWiqIWvfQwc:mkFtYwPNqRGrCG9rYML/FjvI
Score

10^/10

vjw0rm xloader wqos loader persistence rat trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmxloaderwqosloaderpersistencerattrojanworm

behavioral2

xloaderwqosloaderrat