Overview

overview

10

Static

static

1

2921078ffa...969.js

windows7-x64

10

2921078ffa...969.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2921078ffa801cc6b1f03e43ecc21969

  • Size

    32KB

  • Sample

    231231-fmkjnsggeq

  • MD5

    2921078ffa801cc6b1f03e43ecc21969

  • SHA1

    906058e1e1ce4d586426ae1ad70d971f3da83a17

  • SHA256

    4dcdeee1e442d12f58dd818e95c31f562d34546c4d61618f7e6322a8c2b5fa0e

  • SHA512

    92cf75cd46faf4b277145bb5a288aa766ba0154a26a7f2def79b33b758847df2a72d7adec103b358a7ef5b09d6a988327c70729903acef394faeea259d99fa35

  • SSDEEP

    768:At0LO4yXv+UWSPb+C6qHOteIy4KUubJ2J01Zalb8Y03l83:Q06+UWDcOteXAJkZalwU

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      2921078ffa801cc6b1f03e43ecc21969

    • Size

      32KB

    • MD5

      2921078ffa801cc6b1f03e43ecc21969

    • SHA1

      906058e1e1ce4d586426ae1ad70d971f3da83a17

    • SHA256

      4dcdeee1e442d12f58dd818e95c31f562d34546c4d61618f7e6322a8c2b5fa0e

    • SHA512

      92cf75cd46faf4b277145bb5a288aa766ba0154a26a7f2def79b33b758847df2a72d7adec103b358a7ef5b09d6a988327c70729903acef394faeea259d99fa35

    • SSDEEP

      768:At0LO4yXv+UWSPb+C6qHOteIy4KUubJ2J01Zalb8Y03l83:Q06+UWDcOteXAJkZalwU

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks