vjw0rm | d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13 | Triage

Submit
Reports

Overview

overview

Static

static

CPVN - PO ...-01.js

windows7_x64

CPVN - PO ...-01.js

windows10_x64

Sharing

General

Target

CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js
Size

45KB
Sample

211019-kceynagcfr
MD5

8c7d90878061ce94f70b41a3d2678379
SHA1

7d08d5be9c64a49ccfeeb14aee806cb017d941db
SHA256

d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13
SHA512

e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792

Score

10^/10

vjw0rm wshrat persistence suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js

Resource

win7-en-20210920

vjw0rm wshrat persistence suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js

Resource

win10-en-20211014

vjw0rm wshrat persistence suricata trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

wshrat

C2

http://faxjohn01.dyn.ddnss.de:1251

Targets

- Target
  
  CPVN - PO 1910450087085-03 - C.P Việt Nam - CPV-01.js
- Size
  
  45KB
- MD5
  
  8c7d90878061ce94f70b41a3d2678379
- SHA1
  
  7d08d5be9c64a49ccfeeb14aee806cb017d941db
- SHA256
  
  d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13
- SHA512
  
  e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792
Score

10^/10

vjw0rm wshrat persistence suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- suricata: ET MALWARE WSHRAT CnC Checkin
  suricata: ET MALWARE WSHRAT CnC Checkin
  suricata
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencesuricatatrojanworm

behavioral2

vjw0rmwshratpersistencesuricatatrojanworm

© 2018-2024

Terms | Privacy