vjw0rm | 1aed1d8d3570a4e102cb83cf8788793db44ddf1d8d8075459c758a380d035a25 | Triage

Sharing

General

Target

INQUIRY-2706220542.js
Size

13KB
Sample

220627-j4zxgabfh5
MD5

3b479e7f75a474410a30a826ca366c63
SHA1

445f19fc72214544d3f2ab330fa5ee226dcfea66
SHA256

1aed1d8d3570a4e102cb83cf8788793db44ddf1d8d8075459c758a380d035a25
SHA512

d8332c16da5031f91e9d12f407f21fd53b4e6bedc2f9e93923236621811cbd2216632a66e6e32dadd18e14bddc69cb01cd254e4b9042ee87778d71f0ec0b6705

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  INQUIRY-2706220542.js
- Size
  
  13KB
- MD5
  
  3b479e7f75a474410a30a826ca366c63
- SHA1
  
  445f19fc72214544d3f2ab330fa5ee226dcfea66
- SHA256
  
  1aed1d8d3570a4e102cb83cf8788793db44ddf1d8d8075459c758a380d035a25
- SHA512
  
  d8332c16da5031f91e9d12f407f21fd53b4e6bedc2f9e93923236621811cbd2216632a66e6e32dadd18e14bddc69cb01cd254e4b9042ee87778d71f0ec0b6705
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm