Analysis

  • max time kernel
    122s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-04-2024 11:42

General

  • Target

    april.js

  • Size

    7KB

  • MD5

    80f51d08ca4bfe113f107cbddee325a7

  • SHA1

    46bb94527f89b625d5a128279c14d34b6a97bba4

  • SHA256

    322f0e2a6258571f970fba4d63520695a1ad0809ee2fa511ecc9b1b75744f0cd

  • SHA512

    23b112582cc951c4c659e6c9053d1d7f27c6f829ee57cbd0a33669ea53827a83eea5327426a419cc8fc8ed659b6e248258f7af56c62341a34ef33b7cd193307c

  • SSDEEP

    192:yhelBslelLSiw7lKRt1VPEZk5ERpRvK8R/FTr4wV:ygvswJSE9PB2fvdhr4wV

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://aprijs7250.duckdns.org:7250

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request (1 IoC)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\april.js
    • Blocklisted process makes network request
    PID:3048

Network

MITRE ATT&CK Matrix
