vjw0rm | cd5411864870384adeb4c0d0b4d81c700e75fbf53daeb1e57a4c6d38d9a5ca71 | Triage

Sharing

General

Target

5150d7efbb850ccae1af6c13219a1a65
Size

29KB
Sample

220616-lqfyjsddcp
MD5

5150d7efbb850ccae1af6c13219a1a65
SHA1

95d304339e0b2cb6a831ab479cb82708bdfad99d
SHA256

cd5411864870384adeb4c0d0b4d81c700e75fbf53daeb1e57a4c6d38d9a5ca71
SHA512

55bfc1d67a5e235fa8ede4166edb491ef6e6f53773b3e30dde96f3ae188b31073c003eca86e5e1a17edf8d57cc3f81fa63816c06755bc5c5b6656187ba2345e3

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  AWB-14062022.js
- Size
  
  47KB
- MD5
  
  db27256d436350714fb51710dc897335
- SHA1
  
  ce68eda62d41b82fe24b0a2afa75204c401f33d4
- SHA256
  
  d5dde5256817dcaa65fa26a9a34283989c61aa3b675f3e9e3f87ad48045a47ff
- SHA512
  
  88ffd93ccd02a1505e7bf792500d48ea6f6784921edb7006fc85f90af3c6903088d210af1c4fb6c1f2c8f112dc1f5cc578ef17e0585588a196738de33fe288bf
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm