General

  • Target

    6812d6fba47adabb337563ca20fa84f8.bin

  • Size

    1.2MB

  • Sample

    240421-bmntwafe2s

  • MD5

    e5198048f039c2b6e94a69c7c41897d8

  • SHA1

    d5b3158576bc76fa0f8377a924885ecfe00178bd

  • SHA256

    21466b223aee245b59ac52cdf7dd26beca648839a6b9753a521acbd8b04f9c78

  • SHA512

    fc3732191f61ae1104ab77f3be3737747c08c7c2d80ddfeaca58733cb771dc7bb1e9f79e952b450e63fe90449b21f2f660811383e3d10ca6e8a448458c46748b

  • SSDEEP

    24576:QM5lDtg1DHWUyDn3kWcUcPha+VuBpLX0X5/GSjGMy0AwK3:Q8lDtgNgDn0McZTcl0X5/TAz3

Malware Config

Targets

    • Target

      6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574.js

    • Size

      3.8MB

    • MD5

      6812d6fba47adabb337563ca20fa84f8

    • SHA1

      2ab5b312c71f2a60d53c16fad7690291ea6d5bb0

    • SHA256

      6ac96e55099f4737d755e8caa4a03a4ad47faec1e7d133c3eb67c9a7057cd574

    • SHA512

      63d595755ddb4f6b680fb41068f285fbfa6b87d508b7efe1c2f481e70722a2d08669f15b08e362e8db0fdbd85f84796d1f1dd48717c7bf6392055dbbedfeaeae

    • SSDEEP

      49152:DVz6cMuHZupT2iUkP6qOyJdCt6x9loTDW6bK53j+ji48++M0fTW/JDy4TaERYUbB:V

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Drops startup file

    • Adds Run key to start application
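
The four behaviours above (Run key write, Startup folder drop, country-code lookup) are what a detection rule for this sample has to catch. The script below is an added example written for this report, not code from the sandbox or from the malware: it runs three rules over a handful of constructed Sysmon-style event records (registry SetValue, file create, and a registry value query as an API-monitoring sandbox would log it) and maps each hit to the ATT&CK technique the report cites. The event records, paths and value names are constructed for illustration; the only real identifiers are the Run key, Startup folder and `Control Panel\International\Geo` registry locations.

```python
"""Detection rules for the persistence and geofence behaviours in the report.

Added example (not the sandbox's or the malware's code). Events, paths and
value names below are constructed; the registry locations are real.
"""
import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Script extensions a JavaScript RAT is typically launched from.
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf|hta)\b", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.IGNORECASE)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
# Configured country of the current user; reading it right after launch is the
# geofence check. Sysmon logs registry writes, not reads, so this rule only
# fires on event sources that record value queries (API-monitoring sandboxes).
GEO_RE = re.compile(r"\\control panel\\international\\geo\\(nation|name)$", re.IGNORECASE)


@dataclass
class Event:
    kind: str          # "reg_set", "reg_query" or "file_create"
    image: str         # full path of the process performing the action
    target: str        # registry value path or file path
    details: str = ""  # value data for reg_set events


@dataclass
class Finding:
    technique: str
    reason: str
    event: Event


def _is_script_host(image: str) -> bool:
    return image.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS


def _refs_script(text: str) -> bool:
    return SCRIPT_EXT_RE.search(text) is not None


def evaluate(events):
    """Return one Finding per event that matches a rule, in input order."""
    findings = []
    for ev in events:
        if ev.kind == "reg_set" and RUN_KEY_RE.search(ev.target):
            # Only flag autoruns that launch a script or are written by a
            # script host; an installer registering its own EXE stays quiet.
            if _is_script_host(ev.image) or _refs_script(ev.details):
                findings.append(Finding("T1547.001", "Run key value launches a script", ev))
        elif ev.kind == "file_create" and STARTUP_RE.search(ev.target) and _refs_script(ev.target):
            findings.append(Finding("T1547.001", "script dropped into Startup folder", ev))
        elif ev.kind == "reg_query" and GEO_RE.search(ev.target) and _is_script_host(ev.image):
            # Registry query of locale data: T1012 by mechanism, T1082 by intent.
            findings.append(Finding("T1082", "script host read configured country code", ev))
    return findings


def summarize(events):
    """Technique -> hit count, the same shape as the report's ATT&CK matrix."""
    counts = {}
    for f in evaluate(events):
        counts[f.technique] = counts.get(f.technique, 0) + 1
    return counts


# Constructed events mimicking what the sample's behaviours would produce.
SAMPLE_EVENTS = [
    Event("reg_set", r"C:\Windows\System32\wscript.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
          r'"C:\Users\user\AppData\Roaming\update.js"'),
    Event("file_create", r"C:\Windows\System32\wscript.exe",
          r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.js"),
    Event("reg_query", r"C:\Windows\System32\wscript.exe",
          r"HKCU\Control Panel\International\Geo\Nation"),
    # Benign control: an installer registering a normal EXE autorun entry.
    Event("reg_set", r"C:\Program Files\Vendor\setup.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
          r'"C:\Program Files\Vendor\agent.exe"'),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f.technique}: {f.reason} <- {f.event.image} -> {f.event.target}")
    print(summarize(SAMPLE_EVENTS))
```

The rules deliberately key on the script host rather than on any string from this sample, so they also cover re-packed variants; the cost is that a Run key pointing at a script via a LNK or a renamed host is not caught, which is why the Startup folder rule matches on the dropped file's extension independently.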

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                              Count  ID
  Persistence           Boot or Logon Autostart Execution      1      T1547
                          Registry Run Keys / Startup Folder   1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution      1      T1547
                          Registry Run Keys / Startup Folder   1      T1547.001
  Defense Evasion       Modify Registry                        1      T1112
  Discovery             Query Registry                         1      T1012
                        System Information Discovery           2      T1082

Tasks