vjw0rm | bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc | Triage

Submit
Reports

Overview

overview

Static

static

bb4fc8b24c...bc.exe

windows7_x64

bb4fc8b24c...bc.exe

windows10-2004_x64

8

Sharing

General

Target

bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
Size

471KB
Sample

220203-sv5k2abad2
MD5

2ab5df8bedd64d6f06b3e885ae422cd0
SHA1

cf1f4cdf495a05eb143e5448eee6ee4ce527108e
SHA256

bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
SHA512

587ca78b25c4498d5402d0a35ec55f1a693866507e0c5a9d30ac8f3e910e5256c906966a14de209b8fb1dffde3cc10d5759344a175ee4cfbb75e5bdcd982d30d

Score

10^/10

vjw0rm trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc.exe

Resource

win7-en-20211208

vjw0rm trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cdn.discordapp.com/attachments/858084271553249342/863039759001452564/Main.png

Targets

- Target
  
  bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
- Size
  
  471KB
- MD5
  
  2ab5df8bedd64d6f06b3e885ae422cd0
- SHA1
  
  cf1f4cdf495a05eb143e5448eee6ee4ce527108e
- SHA256
  
  bb4fc8b24c345743968f905c9f3f7a47e008e787df111236e54dd02dbb6b3ebc
- SHA512
  
  587ca78b25c4498d5402d0a35ec55f1a693866507e0c5a9d30ac8f3e910e5256c906966a14de209b8fb1dffde3cc10d5759344a175ee4cfbb75e5bdcd982d30d
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

© 2018-2024

Terms | Privacy