vjw0rm | d659d288e3b316568f0ef98b2f8a14b57b2f620818fa01fba1741d5f0f0f0925 | Triage

Sharing

General

Target

receipt.js
Size

21KB
Sample

220211-h147cacbg2
MD5

fb34a8b0c4fb9221726c41f66ad5a604
SHA1

957ace13d02b3ff42d1d34037e7f348e00c8de94
SHA256

d659d288e3b316568f0ef98b2f8a14b57b2f620818fa01fba1741d5f0f0f0925
SHA512

53cd70534f7fdf52ef57981694761325076dff190cd1911966c29dab0cd1b1b6417bde0dbe65780f0b0ccc89649e4f776441c577717d4e0169c4fd84a5f061dc

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  receipt.js
- Size
  
  21KB
- MD5
  
  fb34a8b0c4fb9221726c41f66ad5a604
- SHA1
  
  957ace13d02b3ff42d1d34037e7f348e00c8de94
- SHA256
  
  d659d288e3b316568f0ef98b2f8a14b57b2f620818fa01fba1741d5f0f0f0925
- SHA512
  
  53cd70534f7fdf52ef57981694761325076dff190cd1911966c29dab0cd1b1b6417bde0dbe65780f0b0ccc89649e4f776441c577717d4e0169c4fd84a5f061dc
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm