vjw0rm | 7b3187751d1b85e101baf35c73d93c77006cf7a6729ba1b57a702884a0a5c17d | Triage

Sharing

General

Target

Maersk Sets Documents.js
Size

47KB
Sample

220615-dhbpvshggp
MD5

3391e6b60c013e63bb73c91cd77ea05b
SHA1

8e7197b5dc1c99d6579f0a002aa7a4e0fa16de8a
SHA256

7b3187751d1b85e101baf35c73d93c77006cf7a6729ba1b57a702884a0a5c17d
SHA512

c025c5f85219083aabe69474fbbf1415d445fa27c8c19640ccf971be3178741fcc8623f114008c99005a36e4848950fd8a11515bf2f31f79a3168ee3bb95fb33

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Maersk Sets Documents.js
- Size
  
  47KB
- MD5
  
  3391e6b60c013e63bb73c91cd77ea05b
- SHA1
  
  8e7197b5dc1c99d6579f0a002aa7a4e0fa16de8a
- SHA256
  
  7b3187751d1b85e101baf35c73d93c77006cf7a6729ba1b57a702884a0a5c17d
- SHA512
  
  c025c5f85219083aabe69474fbbf1415d445fa27c8c19640ccf971be3178741fcc8623f114008c99005a36e4848950fd8a11515bf2f31f79a3168ee3bb95fb33
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm