vjw0rm | c673548131b745edf8a8ec0737790633ec0a44aef9771ac4d4ff301fd915d2e0 | Triage

Submit
Reports

Overview

overview

Static

static

New Order.js

windows7_x64

New Order.js

windows10-2004_x64

Sharing

General

Target

New Order.js
Size

102KB
Sample

220617-karvfabbbj
MD5

f890e7d367f88ec86a590713f93891b5
SHA1

a179e35efd7a8fa0eb5216b4d3e65e8e8935493c
SHA256

c673548131b745edf8a8ec0737790633ec0a44aef9771ac4d4ff301fd915d2e0
SHA512

63a9adb256314a0acc4f8491dcb6b7e4471ecdfcfc9e40a659689d5f836d2807275de15e9d44823c67a662d421a783d58f6addcef44231aa7ac029b0e450ba22

Score

10^/10

vjw0rm persistence suricata trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

New Order.js

Resource

win7-20220414-en

vjw0rm persistence suricata trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Order.js

Resource

win10v2004-20220414-en

vjw0rm persistence suricata trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  New Order.js
- Size
  
  102KB
- MD5
  
  f890e7d367f88ec86a590713f93891b5
- SHA1
  
  a179e35efd7a8fa0eb5216b4d3e65e8e8935493c
- SHA256
  
  c673548131b745edf8a8ec0737790633ec0a44aef9771ac4d4ff301fd915d2e0
- SHA512
  
  63a9adb256314a0acc4f8491dcb6b7e4471ecdfcfc9e40a659689d5f836d2807275de15e9d44823c67a662d421a783d58f6addcef44231aa7ac029b0e450ba22
Score

10^/10

vjw0rm persistence suricata trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
  suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
  suricata
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
  suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencesuricatatrojanworm

behavioral2

vjw0rmpersistencesuricatatrojanworm

© 2018-2024

Terms | Privacy