vjw0rm | d7ef41fdbc0215ff6a62eaf607d75a8d5eb29cb505b367c5e285de5283c8b324 | Triage

Sharing

General

Target

Order receipt #FRI-1605398-SCA.js
Size

65KB
Sample

220318-xvzf8sdhbr
MD5

ff61c1c6da0d2cda1e41e2871eb1160d
SHA1

2bd6450b5c6b0bf1404c596e6b97cda3b73bc1bb
SHA256

d7ef41fdbc0215ff6a62eaf607d75a8d5eb29cb505b367c5e285de5283c8b324
SHA512

03d753802d5a3832b932340e311e1e33a5f5f2ffa4113f0767eca58324a533505a91b39479db10a842d66a1eb88c53db6946581ab033c112447efd88f1da4a69

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://shizzlenjworm.duckdns.org:1605

Targets

- Target
  
  Order receipt #FRI-1605398-SCA.js
- Size
  
  65KB
- MD5
  
  ff61c1c6da0d2cda1e41e2871eb1160d
- SHA1
  
  2bd6450b5c6b0bf1404c596e6b97cda3b73bc1bb
- SHA256
  
  d7ef41fdbc0215ff6a62eaf607d75a8d5eb29cb505b367c5e285de5283c8b324
- SHA512
  
  03d753802d5a3832b932340e311e1e33a5f5f2ffa4113f0767eca58324a533505a91b39479db10a842d66a1eb88c53db6946581ab033c112447efd88f1da4a69
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm