vjw0rm | dbd9fa524d604f5176c0a630dc6a33ad882a4ad924f32d0d8e926b2282830b4d | Triage

Sharing

General

Target

PO #201022.js
Size

21KB
Sample

221020-s6gncacbg2
MD5

f74ced094ebe99fa0915b28a2a8a9fc7
SHA1

49f432ab21bb4c1ea62ddbec657f1738755ebf20
SHA256

dbd9fa524d604f5176c0a630dc6a33ad882a4ad924f32d0d8e926b2282830b4d
SHA512

a9d680d940b7c39b0a4cea264aafd2efa4fbfb8e707c36ec6cfc427be0c80cc43effd3e49ddfc8beeb8f6f2eef01b91683729cca058994270ec111d00efb69ec
SSDEEP

384:caxGJXaVaJGvXNJvkHqBbY4Axobnu+1dHCrfnep0mKbx2R6j98FTApF0Z6/tfmBS:cXJXdkNqHqBU4CobuAsU01b8Teo61feS

Score

10^/10

vjw0rm trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://breakchian.duckdns.org:7974

Targets

- Target
  
  PO #201022.js
- Size
  
  21KB
- MD5
  
  f74ced094ebe99fa0915b28a2a8a9fc7
- SHA1
  
  49f432ab21bb4c1ea62ddbec657f1738755ebf20
- SHA256
  
  dbd9fa524d604f5176c0a630dc6a33ad882a4ad924f32d0d8e926b2282830b4d
- SHA512
  
  a9d680d940b7c39b0a4cea264aafd2efa4fbfb8e707c36ec6cfc427be0c80cc43effd3e49ddfc8beeb8f6f2eef01b91683729cca058994270ec111d00efb69ec
- SSDEEP
  
  384:caxGJXaVaJGvXNJvkHqBbY4Axobnu+1dHCrfnep0mKbx2R6j98FTApF0Z6/tfmBS:cXJXdkNqHqBU4CobuAsU01b8Teo61feS
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm