
Cybercrime, the email “Request Quotation PO.230029” conveys Vjw0rm

The email “Request Quotation PO.230029” conveys Vjw0rm. The JS file in the RAR attachment contacts a URL to download and run an EXE: the malware. The mail provider is the same as in yesterday’s Remcos campaign.

The email “Request Quotation PO.230029” conveys a new global Vjw0rm campaign.

The compressed attachment, in RAR format, contains a JS file that contacts a link to download and run an EXE file: the malware. It is interesting to note that the provider from which the email was sent is the same as the one used yesterday to spread Remcos through another template. Vjw0rm (aka Vengeance Justice Worm) is a modular worm/RAT hybrid that has three primary capabilities: information stealing, denial of service (DoS), and self-propagation. In the latter case it copies itself throughout the operating system and into the startup folder, and can spread via removable devices such as USB sticks.
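The chain described above (a script from an extracted archive that fetches and starts an EXE) leaves a recognizable parent/child process pattern on the endpoint. The following detection sketch is an added example, not code from the original article or from the campaign. It assumes process-creation events are available as dictionaries with the hypothetical fields `pid`, `ppid`, `image` and `cmdline`, that the script runs under the Windows script hosts `wscript.exe` or `cscript.exe`, and that the listed user-writable directories are the ones of interest; all sample events are constructed.

```python
import re
from ntpath import basename  # parse Windows paths on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Script path argument, quoted (may contain spaces) or bare.
SCRIPT_ARG = re.compile(r'"([^"]+\.jse?)"|(\S+\.jse?)(?=\s|$)', re.I)
# Assumption: locations a standard user can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads)\\", re.I)


def find_dropper_chains(events):
    """Return one alert per EXE started by a script host that was itself
    running a .js/.jse file from a user-writable directory."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for child in events:
        parent = by_pid.get(child["ppid"])
        if not parent or basename(parent["image"]).lower() not in SCRIPT_HOSTS:
            continue
        m = SCRIPT_ARG.search(parent["cmdline"])
        if not m:
            continue
        script = m.group(1) or m.group(2)
        if (USER_WRITABLE.search(script)
                and child["image"].lower().endswith(".exe")
                and USER_WRITABLE.search(child["image"])):
            alerts.append({"script": script, "payload": child["image"],
                           "script_host_pid": parent["pid"],
                           "payload_pid": child["pid"]})
    return alerts


# Constructed sample events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" '
                r'"C:\Users\alice\AppData\Local\Temp\unpacked\Request Quotation.js"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Users\alice\AppData\Roaming\update.exe",
     "cmdline": r"C:\Users\alice\AppData\Roaming\update.exe"},
    # Benign: admin logon script from Program Files starting a system binary.
    {"pid": 400, "ppid": 50, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Program Files\Vendor\logon.js"'},
    {"pid": 401, "ppid": 400, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo ok"},
]

if __name__ == "__main__":
    for alert in find_dropper_chains(SAMPLE_EVENTS):
        print(alert)
```

On real telemetry, PIDs are reused over time, so the parent lookup should be scoped to a host and a time window rather than a single flat dictionary.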

Today’s and yesterday’s mail servers

 
