vjw0rm

General

Target

RTK009ESQW.iso
Size

136KB
Sample

220207-vcan2sefcr
MD5

b3654c817e609df902a32dd0ff923f82
SHA1

9dd6a609f9564b9b7b1dbbf02c395cdbed63ce1a
SHA256

498156166a19ca4a2f60475444a7dba94441f4a3839e9e98d0e7d9aa970fc7fa
SHA512

d412900ebf2daaf810a9361bc021691c8714e64e929d95d358fbec0b0864c8676f7e183ad64a7d1cd39f776e610b2dd76a6bdceb112561e4ab8bfa9936b53efa

Score

10^/10

Malware Config

Targets

- Target
  
  RTK009ENF.js
- Size
  
  61KB
- MD5
  
  4aeac345ff0d52f7ea2e9a9b9de73cb4
- SHA1
  
  cb3c9866359b2db03f80f9715cc84a3d9e743f12
- SHA256
  
  16ee8787395039445c472df4c45834ac3e6299f753764dbe27b9bc031e383a9b
- SHA512
  
  266a5a3ac9c6c88325f5234ad16918db5b936aeeffed41d003d340a3c24b05974fb78bb7575f00bff50b6d01da2a0b57d548d4bd51b8691540d982249c7bd6c9
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  YRGH009QA.js
- Size
  
  13KB
- MD5
  
  7e4052c4ef66b69ea6567cf9511cddcd
- SHA1
  
  4d3b046443bbba80244121c7ff44b3c4425292d3
- SHA256
  
  c91b33406d00fdedeebd6ce809a612df96b5cea7835c2c13061498c6960d76e3
- SHA512
  
  2b0ee57fdd1f77cb54f657fbea8637f040bba3728916f7e376e9f465ecca70e52dc9296c185908b9a37760812f85962b323bfcc7acdb74563cb45b089e8c0f19
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral3 behavioral4