General

  • Target

    9ce32caf49706a608d200a4067055d09

  • Size

    178KB

  • Sample

    240215-egrkcsgf29

  • MD5

    9ce32caf49706a608d200a4067055d09

  • SHA1

    f16649c74664f652df90848cbc94269f9b3bc061

  • SHA256

    4aaae192adc3d6cbd432d0d0eee8732b49819d44b0988ba64e7d1b0440535933

  • SHA512

    5d63bcd81fe2f071cee065d40cdb97a89c2a1eb01fb7ad19a0db775e17877647e4455fbde9a55aca1b70136f99851465d3c872fe8bf54e2f9d5c6ae55ad1e815

  • SSDEEP

    3072:fQMS/O9vSG8uXtHyMH1iUNA4+ZTlzvrZtdqUqwWEnttZsHC9RDsAn+CNgHcxsQSV:fMWvSG19ZVc4+zrZtdbJZsHC9RDsFCeP

Malware Config

Targets

    • Target

      Order550232.jar

    • Size

      129KB

    • MD5

      c91d4750382881ff7da852e22a6f2419

    • SHA1

      b916255dfadf02871d0a84083e989df52396e75b

    • SHA256

      12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3

    • SHA512

      e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244

    • SSDEEP

      3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Modifies file permissions

    • Adds Run key to start application
