vjw0rm | fed6e6111eb6ef3d7d229ae1b88e2d641960a649cdf20e644073dd4ddbd1f624 | Triage

Sharing

General

Target

paymentref062322pdf.js
Size

329KB
Sample

220623-gzwm5sbhhr
MD5

d7ae71a84f14783b8967f0c212c11a40
SHA1

b6e65a134ed9ea8af13f15afecbda176efc670f3
SHA256

fed6e6111eb6ef3d7d229ae1b88e2d641960a649cdf20e644073dd4ddbd1f624
SHA512

5da6b457008fb251da48425a8b3095bcdd5013009f14300b7d8537ed1de2da87060251cdbcaaa1d53e01e95025c50d60a5aabde160d9c8f2fd5b67d2d7946f1c

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://vjmworks.ddns.net:4040

Targets

- Target
  
  paymentref062322pdf.js
- Size
  
  329KB
- MD5
  
  d7ae71a84f14783b8967f0c212c11a40
- SHA1
  
  b6e65a134ed9ea8af13f15afecbda176efc670f3
- SHA256
  
  fed6e6111eb6ef3d7d229ae1b88e2d641960a649cdf20e644073dd4ddbd1f624
- SHA512
  
  5da6b457008fb251da48425a8b3095bcdd5013009f14300b7d8537ed1de2da87060251cdbcaaa1d53e01e95025c50d60a5aabde160d9c8f2fd5b67d2d7946f1c
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm