vjw0rm | 89a2a7815855b133037b34f1447fc79e5609e219a83acb670eea650d6cdb31ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Enquiry-1161222.js
Size

51KB
Sample

221012-j29znadab2
MD5

0ad118eb681ab6c9cd0fa88e91e98816
SHA1

66fb2386dd439a370cc9535b0b9178550f7664bd
SHA256

89a2a7815855b133037b34f1447fc79e5609e219a83acb670eea650d6cdb31ac
SHA512

cc58e92c3ccd0d3385702387059749f1d144de9d8aa346a5a6b9f34f00cc072a3cc7f6a09a3148e93b3ad52be2d11214bced685294acf69a7df8bd0085ca96a7
SSDEEP

768:d+6c/gBd6vKwkBpa4pUKuITIW4RqOtF4l8j/Oy1RG7JdMu6g9fzLVtHO8JPk0Jd:81CBYRfF4lE/Oy1fu6g9fPTHO8BXd

Score

10^/10

vjw0rm wshrat persistence trojan worm

Malware Config

Extracted

Family

wshrat

C2

http://185.222.57.147:1989

Targets

- Target
  
  Enquiry-1161222.js
- Size
  
  51KB
- MD5
  
  0ad118eb681ab6c9cd0fa88e91e98816
- SHA1
  
  66fb2386dd439a370cc9535b0b9178550f7664bd
- SHA256
  
  89a2a7815855b133037b34f1447fc79e5609e219a83acb670eea650d6cdb31ac
- SHA512
  
  cc58e92c3ccd0d3385702387059749f1d144de9d8aa346a5a6b9f34f00cc072a3cc7f6a09a3148e93b3ad52be2d11214bced685294acf69a7df8bd0085ca96a7
- SSDEEP
  
  768:d+6c/gBd6vKwkBpa4pUKuITIW4RqOtF4l8j/Oy1RG7JdMu6g9fzLVtHO8JPk0Jd:81CBYRfF4lE/Oy1fu6g9fPTHO8BXd
Score

10^/10

vjw0rm wshrat persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencetrojanworm

behavioral2

vjw0rmwshratpersistencetrojanworm