vjw0rm | ffd8c7b85b9006ff340c180a677afc01a13eae30fdc450d0d26950676950e166 | Triage

Sharing

General

Target

Invoice Payment Confirmation.zip
Size

75KB
Sample

220906-qhs1csaefr
MD5

bb01093e60d895c63e94d0af5d8183bb
SHA1

0a0da3d48947407a054c0c1d789a1099990d4d0c
SHA256

ffd8c7b85b9006ff340c180a677afc01a13eae30fdc450d0d26950676950e166
SHA512

81bc4f072551054c9c11f6d55d992c532ff952156ad195c4bfd0e8de20879a2b763de654c41f9877953a477f1ae51afa37aa8157bc335bca2db2c5291a1e41d3
SSDEEP

1536:3+cDvmJxS2A55stj1vgEDOuNkJr61QkAFdQUb+Ru9S:/vmJM1Gj1vgiMriQ3SRu9S

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Invoice Payment Confirmation.js
- Size
  
  117KB
- MD5
  
  28b0e3a2d2890bee25ed2625747cc9ad
- SHA1
  
  0d1ed2ced8404392640392a98a6787799f7eb1fe
- SHA256
  
  98fc3031df6072dae516b48f812b063d4c3a5b536bbab8741b8188a417cdc638
- SHA512
  
  d0f371623664a03130844f2b53dab422083b44501509d5b57bec9b46d76fcf2f37a5d4da4a90db57663c146ec2039417eda8d2f5ff77fe814e0518d778687a61
- SSDEEP
  
  3072:SKKvIAMPMFVxqG051Nh1dr2cXegLJBPyNomdlkrX:SK0xMIXRkDtycugLJBP7jX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm