General

  • Target

    a48662837e2ec326182f3c966128023993f0ddb16d70ca0b457190f9239aafd6

  • Size

    20KB

  • Sample

    240226-1sqcbshe8y

  • MD5

    7cca426f80eb9e873deda56270e3a87d

  • SHA1

    3d453d3444f0fd8b9b36690846d53afe6e46e3ce

  • SHA256

    a48662837e2ec326182f3c966128023993f0ddb16d70ca0b457190f9239aafd6

  • SHA512

    240aee7b4bf29c4668c6f8676378d4e278453a5941f082c1b343c4e8353c71961974b1dd51693efbff48d2d9ab330e890c6530592354f755d9b7338b979c18ed

  • SSDEEP

    384:3SK4zDaYUwp4CgPOglA+SXPLzkcauhZvQVcJeaDhDK:i/fGmgl+zzkcautwaDhu

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript, delivered as a .js file and executed through Windows Script Host; the remaining signatures describe how this sample persists and reaches out to the network.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry (the Geo\Nation value under Control Panel\International), most likely to geofence execution to, or away from, particular countries.

    • Drops startup file

    • Adds Run key to start application
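
The last three signatures (a script dropped into the Startup folder, a Run key that launches it, and a network request from a process that should not be making one) are what a defender can hunt for on endpoint telemetry. The block below is an added example, not part of the sandbox report or of Vjw0rm itself: it runs a small rule set over constructed Sysmon-style records (EventID 11 FileCreate, 13 RegistryEvent value set, 3 NetworkConnect) and flags exactly those three behaviours. It assumes wscript.exe is the blocklisted process, which the report does not name. The geofence lookup is a registry read, which Sysmon does not log, so that signature is deliberately left out of the hunt; Windows object-access auditing would be needed to see it.

```python
import re

# File types Windows Script Host / mshta will run (assumed list, not from the report).
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh|hta)(\b|$)", re.IGNORECASE)
# Per-user and machine Run / RunOnce keys.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# The per-user Startup folder the "Drops startup file" signature refers to.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Script hosts that should not normally open outbound connections (wscript.exe is an assumption).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")

# Constructed Sysmon-style records, one key=value event per line; not real telemetry.
SAMPLE_LOG = r'''
EventID=1 Image="C:\Windows\System32\wscript.exe" CommandLine="wscript.exe //B C:\Users\bob\AppData\Local\Temp\invoice.js"
EventID=11 Image="C:\Windows\System32\wscript.exe" TargetFilename="C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\invoice.js"
EventID=13 Image="C:\Windows\System32\wscript.exe" TargetObject="HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\invoice" Details="wscript.exe //B C:\Users\bob\AppData\Roaming\invoice.js"
EventID=3 Image="C:\Windows\System32\wscript.exe" DestinationIp=203.0.113.10 DestinationPort=7070
EventID=13 Image="C:\Program Files\Vendor\Updater.exe" TargetObject="HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater" Details="C:\Program Files\Vendor\Updater.exe"
EventID=11 Image="C:\Windows\explorer.exe" TargetFilename="C:\Users\bob\Documents\notes.txt"
EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=198.51.100.5 DestinationPort=443
'''

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one key=value record into a dict, stripping the quotes around values."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def basename(path):
    """Lower-cased final path component, e.g. 'wscript.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def runs_script(command):
    """True if a Run-key value (or any command line) launches a script host or a script file."""
    low = command.lower()
    return bool(SCRIPT_EXT.search(low)) or any(host in low for host in SCRIPT_HOSTS)


def hunt(log_text):
    """Return (rule, image, evidence) tuples for the persistence and network behaviours."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == "11":  # FileCreate: script written into the Startup folder
            target = ev.get("TargetFilename", "")
            if STARTUP_DIR.search(target) and SCRIPT_EXT.search(target):
                findings.append(("drops_startup_script", basename(image), target))
        elif eid == "13":  # RegistryEvent value set: Run key pointing at a script
            key, details = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY.search(key) and runs_script(details):
                findings.append(("run_key_script", basename(image), f"{key} = {details}"))
        elif eid == "3":  # NetworkConnect from a script host
            if basename(image) in SCRIPT_HOSTS:
                dest = f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}"
                findings.append(("script_host_network", basename(image), dest))
    return findings


if __name__ == "__main__":
    for rule, image, evidence in hunt(SAMPLE_LOG):
        print(f"{rule:22} {image:12} {evidence}")
```

On the constructed log the legitimate updater's Run key and the browser's connection are not flagged; only the three wscript.exe events are. In a real estate the Run-key rule will also catch admin scripts launched at logon, so pair it with the Startup-folder and network rules on the same process rather than alerting on any one of them alone.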

MITRE ATT&CK Enterprise v15
