vjw0rm | cd84cb8d15ba8c8b0e006bc0b8988e7033abbb6943addc46e7d7542ebc901989 | Triage

Submit
Reports

Overview

overview

Static

static

R7MC1D7ZGB.js

windows10-2004_x64

Sharing

General

Target

R7MC1D7ZGB.js
Size

257KB
Sample

220228-clnyxseceq
MD5

a5d240521ceca1cfea78be885c76413f
SHA1

e336b76d64ffab956a877f015c223d41dd66c246
SHA256

cd84cb8d15ba8c8b0e006bc0b8988e7033abbb6943addc46e7d7542ebc901989
SHA512

21f29438d817c98164553841e9f50e04023ceaa6bd98adf6199c159773d54d374c4904e154c9a528709cb7890be021ee089aeb9fd7ebdea487bcda3fa04a4002

Score

10^/10

vjw0rm wshrat persistence suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

R7MC1D7ZGB.js

Resource

win10v2004-en-20220113

vjw0rm wshrat persistence suricata trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  R7MC1D7ZGB.js
- Size
  
  257KB
- MD5
  
  a5d240521ceca1cfea78be885c76413f
- SHA1
  
  e336b76d64ffab956a877f015c223d41dd66c246
- SHA256
  
  cd84cb8d15ba8c8b0e006bc0b8988e7033abbb6943addc46e7d7542ebc901989
- SHA512
  
  21f29438d817c98164553841e9f50e04023ceaa6bd98adf6199c159773d54d374c4904e154c9a528709cb7890be021ee089aeb9fd7ebdea487bcda3fa04a4002
Score

10^/10

vjw0rm wshrat persistence suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- suricata: ET MALWARE WSHRAT CnC Checkin
  suricata: ET MALWARE WSHRAT CnC Checkin
  suricata
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencesuricatatrojanworm

© 2018-2024

Terms | Privacy