vjw0rm | 9060f5e5675f06ff2744114c852ada2f5b146144cec99457f7435c529426fa81 | Triage

Sharing

General

Target

PO N°CF004303.js
Size

45KB
Sample

221123-q1t1dafd37
MD5

fb075b3dbae613fee795bef80bf3eebc
SHA1

f9156e2680111c34a5a56cc3fb36d86742db6ff8
SHA256

9060f5e5675f06ff2744114c852ada2f5b146144cec99457f7435c529426fa81
SHA512

2e0a57c232afd7516fe98a2a27eae9d8dd97097a9f580a742faa6979a9ab492ef3c1d55de7fb429854482447f7ada6c61a9de171747a4152196aaf711ecabe9c
SSDEEP

768:NZLXAlESuz9e/oRmQSL0UvOcVzNf37JxEJNvsgiyYO1x:4iS9/wmQSLQWfX+UAYOH

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  PO N°CF004303.js
- Size
  
  45KB
- MD5
  
  fb075b3dbae613fee795bef80bf3eebc
- SHA1
  
  f9156e2680111c34a5a56cc3fb36d86742db6ff8
- SHA256
  
  9060f5e5675f06ff2744114c852ada2f5b146144cec99457f7435c529426fa81
- SHA512
  
  2e0a57c232afd7516fe98a2a27eae9d8dd97097a9f580a742faa6979a9ab492ef3c1d55de7fb429854482447f7ada6c61a9de171747a4152196aaf711ecabe9c
- SSDEEP
  
  768:NZLXAlESuz9e/oRmQSL0UvOcVzNf37JxEJNvsgiyYO1x:4iS9/wmQSLQWfX+UAYOH
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm