vjw0rm | e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a | Triage

Submit
Reports

Overview

overview

Static

static

PO 21.18.0...AL).js

windows7_x64

PO 21.18.0...AL).js

windows10_x64

Sharing

General

Target

PO 21.18.0047 -(APPROVAL).js
Size

45KB
Sample

211018-h5597seagl
MD5

8547af690a9b533d6acd08360f5b18d5
SHA1

fe393629e5df70bcfef741a70432af6c6a528b27
SHA256

e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a
SHA512

7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d

Score

10^/10

vjw0rm wshrat persistence suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

PO 21.18.0047 -(APPROVAL).js

Resource

win7-en-20210920

vjw0rm wshrat persistence suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO 21.18.0047 -(APPROVAL).js

Resource

win10-en-20210920

vjw0rm wshrat persistence suricata trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

wshrat

C2

http://jahblessrtd4ever.home-webserver.de:1604

Targets

- Target
  
  PO 21.18.0047 -(APPROVAL).js
- Size
  
  45KB
- MD5
  
  8547af690a9b533d6acd08360f5b18d5
- SHA1
  
  fe393629e5df70bcfef741a70432af6c6a528b27
- SHA256
  
  e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a
- SHA512
  
  7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d
Score

10^/10

vjw0rm wshrat persistence suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- suricata: ET MALWARE WSHRAT CnC Checkin
  suricata: ET MALWARE WSHRAT CnC Checkin
  suricata
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencesuricatatrojanworm

behavioral2

vjw0rmwshratpersistencesuricatatrojanworm

© 2018-2024

Terms | Privacy