vjw0rm | 4ff9b8de1b21680ca134c0de45071a36fc926d09f3caa2bbcd7e74eb52201862 | Triage

Sharing

General

Target

ffe642e037d17d41abf97537d9d44710.js
Size

24KB
Sample

221001-jh493agfhk
MD5

ffe642e037d17d41abf97537d9d44710
SHA1

c612c264a65d6309c91c5837982f2915f6c8a297
SHA256

4ff9b8de1b21680ca134c0de45071a36fc926d09f3caa2bbcd7e74eb52201862
SHA512

4ba4218dc32c89be0b3be8e2525f2f423cadd2d867ccb0185f13fdaf0eb115d0d06eb219ce16f3879036603f2a98d5fd03350459d3eb6e718c271c4b6247c57d
SSDEEP

768:wvEBG2CDUXHoC7ZbsOJFS83VYvIDAvgBSSLtRG:wsBdCyD7ZoOeyqvIDAv/SLu

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  ffe642e037d17d41abf97537d9d44710.js
- Size
  
  24KB
- MD5
  
  ffe642e037d17d41abf97537d9d44710
- SHA1
  
  c612c264a65d6309c91c5837982f2915f6c8a297
- SHA256
  
  4ff9b8de1b21680ca134c0de45071a36fc926d09f3caa2bbcd7e74eb52201862
- SHA512
  
  4ba4218dc32c89be0b3be8e2525f2f423cadd2d867ccb0185f13fdaf0eb115d0d06eb219ce16f3879036603f2a98d5fd03350459d3eb6e718c271c4b6247c57d
- SSDEEP
  
  768:wvEBG2CDUXHoC7ZbsOJFS83VYvIDAvgBSSLtRG:wsBdCyD7ZoOeyqvIDAv/SLu
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm