vjw0rm | ec888828369bff69e90aab0dcc08130fce42b7e9601c97bcc4acfdda72cbf126 | Triage

Sharing

General

Target

ec888828369bff69e90aab0dcc08130fce42b7e9601c97bcc4acfdda72cbf126
Size

164KB
Sample

220206-1dn6qacbg2
MD5

2a36b662eadcb4e7bab00217c71f5ded
SHA1

90d6fd21cf756e4d80f11cdbf95159589b483021
SHA256

ec888828369bff69e90aab0dcc08130fce42b7e9601c97bcc4acfdda72cbf126
SHA512

287e122a12ee4a28c1b322d8b5c87b8c65efe4fd301999e9bd69df9e1b39ea05a2f610f5261f6eb6bba9ac65210d089ff77b9adf8c47d295b1adbdde1a841f34

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  3030098_Order_Receipt.js
- Size
  
  102KB
- MD5
  
  da505963475651e7e73d350b75a3477e
- SHA1
  
  3446233aeaf07f32ded982387d965814c4f8eb7d
- SHA256
  
  dd5c0817458afce55a241b8cb384d8bd4124da4f41710a0af87fa7f249c649ca
- SHA512
  
  51e4f364bdcc6399df7f0c4c158f34bb704c1262dda88e7b9385e7d0e8f5d97663e9be30feb7c80b960ca995544e16c1b5cf97967b99d908ee5ad667724b99ce
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm