General

  • Target

    april.js.js

  • Size

    7KB

  • Sample

    240430-nvbwhabd81

  • MD5

    80f51d08ca4bfe113f107cbddee325a7

  • SHA1

    46bb94527f89b625d5a128279c14d34b6a97bba4

  • SHA256

    322f0e2a6258571f970fba4d63520695a1ad0809ee2fa511ecc9b1b75744f0cd

  • SHA512

    23b112582cc951c4c659e6c9053d1d7f27c6f829ee57cbd0a33669ea53827a83eea5327426a419cc8fc8ed659b6e248258f7af56c62341a34ef33b7cd193307c

  • SSDEEP

    192:yhelBslelLSiw7lKRt1VPEZk5ERpRvK8R/FTr4wV:ygvswJSE9PB2fvdhr4wV

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://aprijs7250.duckdns.org:7250

Targets

    • Target

      april.js.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request
