vjw0rm | 34de6de1c42174a1529b1e2920c51b1efa300fff48902e5a8a3836817e12c25b | Triage

Submit
Reports

Overview

overview

Static

static

Confirmati...906.js

windows7-x64

Confirmati...906.js

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Confirmation transfer Copy MT103 Ref-101019906.js
Size

353KB
Sample

220907-m2tt8abha6
MD5

3e4abaeae68b400b3bb636286f0aafa7
SHA1

46aeb3dada4871e84cb7eeed98e9e94e10ceab3b
SHA256

34de6de1c42174a1529b1e2920c51b1efa300fff48902e5a8a3836817e12c25b
SHA512

28e6ef967408193b99d4ce4faa8f15fb334ffbe178156d4ba2e7f7849b57a6fe5d82c34bce7e8ea56997a076931d36792793948f6ccbeef1f97f82616996a959
SSDEEP

6144:tC5Lz6L8qNMaXlcWa+syZ3hL0sG6ZPmY4JGrx01gqyvCKaT80S2gGxC:tCtHa1cvVihL7GUSGKgzaRY0S2JxC

Score

10^/10

vjw0rm persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

Confirmation transfer Copy MT103 Ref-101019906.js

Resource

win7-20220812-en

vjw0rm persistence trojan worm

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Confirmation transfer Copy MT103 Ref-101019906.js

Resource

win10v2004-20220901-en

vjw0rm persistence spyware stealer trojan worm

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Confirmation transfer Copy MT103 Ref-101019906.js
- Size
  
  353KB
- MD5
  
  3e4abaeae68b400b3bb636286f0aafa7
- SHA1
  
  46aeb3dada4871e84cb7eeed98e9e94e10ceab3b
- SHA256
  
  34de6de1c42174a1529b1e2920c51b1efa300fff48902e5a8a3836817e12c25b
- SHA512
  
  28e6ef967408193b99d4ce4faa8f15fb334ffbe178156d4ba2e7f7849b57a6fe5d82c34bce7e8ea56997a076931d36792793948f6ccbeef1f97f82616996a959
- SSDEEP
  
  6144:tC5Lz6L8qNMaXlcWa+syZ3hL0sG6ZPmY4JGrx01gqyvCKaT80S2gGxC:tCtHa1cvVihL7GUSGKgzaRY0S2JxC
Score

10^/10

vjw0rm persistence trojan worm spyware stealer
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencespywarestealertrojanworm

© 2018-2025

Terms | Privacy