vjw0rm | 942072bbb5d710fb261e082bf5ba051d7fe03e27fd7c79188712614bb24c131d | Triage

Sharing

General

Target

1401-4061-pdf.js
Size

138KB
Sample

220628-l3dc7agfdj
MD5

8a5e28d0a4a55865ee0aa1d4c4a14c7e
SHA1

c42cf3a4993b9a7fe7d0ad9ea788a6f7744ccff7
SHA256

942072bbb5d710fb261e082bf5ba051d7fe03e27fd7c79188712614bb24c131d
SHA512

ed78f4a71bd17d68fbe44cca7056fad6f653367afda0f6a3f9b6127ece981c754c6f07ee26a69486f3fb5760c3fecfc1c60b46b5ee79739cac02e1f89eb0e0af

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  1401-4061-pdf.js
- Size
  
  138KB
- MD5
  
  8a5e28d0a4a55865ee0aa1d4c4a14c7e
- SHA1
  
  c42cf3a4993b9a7fe7d0ad9ea788a6f7744ccff7
- SHA256
  
  942072bbb5d710fb261e082bf5ba051d7fe03e27fd7c79188712614bb24c131d
- SHA512
  
  ed78f4a71bd17d68fbe44cca7056fad6f653367afda0f6a3f9b6127ece981c754c6f07ee26a69486f3fb5760c3fecfc1c60b46b5ee79739cac02e1f89eb0e0af
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm