vjw0rm | bc6b3044943128e9f326b4c0bde41375596254ac5fb4f0e8c00c2eef33688247 | Triage

Sharing

General

Target

AWB#6375872554.pdf.js
Size

267KB
Sample

221227-k9md1aef27
MD5

641d80a70da56a8b33cbaff530cf6d2e
SHA1

9dc182e6dd82a28c2546583bdd2c4d7a86f70aeb
SHA256

bc6b3044943128e9f326b4c0bde41375596254ac5fb4f0e8c00c2eef33688247
SHA512

f0de610da7b3be90db1c591a973fde1da4f6c2e6b27e388d3d7086e1ad975de1d9c645beff98c0b7f193438839d29a36c059f17fe874d7d4ce31feda39228481
SSDEEP

3072:U/YirPgDvzlvtD636gUNgUmMuUbemcVGHQmC+DYUzSsqbDrCPx7Yvgke/ikIS363:JpvtD6DumBVGHbrSPrCpkvM3RlP6Rb

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  AWB#6375872554.pdf.js
- Size
  
  267KB
- MD5
  
  641d80a70da56a8b33cbaff530cf6d2e
- SHA1
  
  9dc182e6dd82a28c2546583bdd2c4d7a86f70aeb
- SHA256
  
  bc6b3044943128e9f326b4c0bde41375596254ac5fb4f0e8c00c2eef33688247
- SHA512
  
  f0de610da7b3be90db1c591a973fde1da4f6c2e6b27e388d3d7086e1ad975de1d9c645beff98c0b7f193438839d29a36c059f17fe874d7d4ce31feda39228481
- SSDEEP
  
  3072:U/YirPgDvzlvtD636gUNgUmMuUbemcVGHQmC+DYUzSsqbDrCPx7Yvgke/ikIS363:JpvtD6DumBVGHbrSPrCpkvM3RlP6Rb
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm