General
-
Target
02cc696570db415f09b6cd2e8d05aa463e03cf0d3b4a6bc92ee367d6c357f522.unknown
-
Size
25KB
-
Sample
240801-bcxzsssgpp
-
MD5
fb095067b1cea82381df42c7fd97a5c3
-
SHA1
98e7f6d6473be733886f2090efe3999935803a78
-
SHA256
02cc696570db415f09b6cd2e8d05aa463e03cf0d3b4a6bc92ee367d6c357f522
-
SHA512
d6c7c6651b97b29243843db189d05bd67acdff097282b07ae43d8021f78887eec2feb8074ee68817baa428d35a1588ae620d811c1f7cda04b39c8b325d388072
-
SSDEEP
384:vXot+AkpABR0CyZChNi1OtDt+QWtla7qxsbUEa9YdyG+BKMHXWUGqOQPmKE2M7La:9zgR0k414Yba7qxOUEa6yAMmMdAa
Static task
static1
Behavioral task
behavioral1
Sample
02cc696570db415f09b6cd2e8d05aa463e03cf0d3b4a6bc92ee367d6c357f522.js
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
02cc696570db415f09b6cd2e8d05aa463e03cf0d3b4a6bc92ee367d6c357f522.js
Resource
win10v2004-20240730-en
Malware Config
Targets
-
-
Target
02cc696570db415f09b6cd2e8d05aa463e03cf0d3b4a6bc92ee367d6c357f522.unknown
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter 1
JavaScript 1
Scheduled Task/Job 1
Scheduled Task 1
Persistence
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Scheduled Task/Job 1
Scheduled Task 1