vjw0rm | b81c828abb7e8b74cc1f8102c7823599105a927ccec71beac31e05faf806c65e | Triage

Sharing

General

Target

Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM.zip
Size

449KB
Sample

210706-ayqsg3lspn
MD5

f99c149f57a2e1d18ec9b6cb4251117f
SHA1

4189ed9a74584a250028ab5128f19a2d3330001b
SHA256

b81c828abb7e8b74cc1f8102c7823599105a927ccec71beac31e05faf806c65e
SHA512

193b4fdf3d9df2707d178a7a6954ea5a57407d7b94bf662212c7d39b3b95bf1ea2eb29755aa4a38f80bf2593a813d7070e5e1311e2cecff340bfff3a5ce2e09a

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM.vbs
- Size
  
  24KB
- MD5
  
  ec617eb0e16de06ed1fe0f89d7e7e6a1
- SHA1
  
  a91c63e8f6d28dd8a4b2e2150b66e5bf0829aa6a
- SHA256
  
  800c93b45aa54a9f68070f49f183e08cb5ad5375ad3bb83f2456ff2490bc5c6d
- SHA512
  
  6ac3360114819a376ae98b95fbaf43d1f6efb26bfa045db08d23f3dcd0cdd413c0db536e6511df5fb4215393946ea0e11f506c43989b84eb09a37eb830227839
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Requerimiento fiscal aqui encontrara copia de la denuncia presentada en su contra NUNC SPOA.exe
- Size
  
  792KB
- MD5
  
  c6110aa7ac18ab20d2a402792bddf18c
- SHA1
  
  58283d8319b7b61869484cea210462d66118bfd9
- SHA256
  
  af6f738044f9f5c188557f3e6a72ad130aa32fb25d15d3826f250abd25cb7b95
- SHA512
  
  6c4a16ea11d5d596b3313898c2d734d5f034f4229c8a56a9d9a64a96d646ce703d238318bb7171064347ce866a97a989977b19daf3f17543098c7e179352aae4
Score

5^/10
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/SPOA Sistema Penal Oral Acusatorio Notificacion de requerimiento fiscal a su nombre por admision de denuncia.js
- Size
  
  181KB
- MD5
  
  bf197fc803110445e9101d0d4273c43f
- SHA1
  
  cca51de9562decf397de1479840f1f00fac1f5e2
- SHA256
  
  0b21dc99aacd1c180a7c837761778f362a418e7e01e346df6b22a8211bab34f3
- SHA512
  
  64cd33c4072a18e7974e968e5e8e7cddda85c8c7b9cba244d976f9bd5ce84e81c7ac7bec49bb1a54da3727c9839559ae2661be53394188b0f585d57c7a4287f4
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

vjw0rmpersistencetrojanworm

behavioral6

vjw0rmpersistencetrojanworm