vjw0rm | 754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267 | Triage

Sharing

General

Target

DHL SHIPMENT INVOICE.pdf.js
Size

48KB
Sample

221227-k9md1ahg7w
MD5

8aa5dd5a8392d399292fd831f9ebc486
SHA1

b7815f4df84394870dd7ca91c731fe606f726afd
SHA256

754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267
SHA512

82b1f15b16f4f73947165084ecdcf9ef28ec02f29ceb86eb1ba831c9b2d561d72c311965532a363bd03cbcca0f8497acf8e9a3672c29a86cfe71ef1aa4e4e78a
SSDEEP

768:9ELx847vqNaCQVUmobI2iSi5B7sqkl3enKxNH7sse:W4Q8xsB7sqkW8NHI5

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  DHL SHIPMENT INVOICE.pdf.js
- Size
  
  48KB
- MD5
  
  8aa5dd5a8392d399292fd831f9ebc486
- SHA1
  
  b7815f4df84394870dd7ca91c731fe606f726afd
- SHA256
  
  754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267
- SHA512
  
  82b1f15b16f4f73947165084ecdcf9ef28ec02f29ceb86eb1ba831c9b2d561d72c311965532a363bd03cbcca0f8497acf8e9a3672c29a86cfe71ef1aa4e4e78a
- SSDEEP
  
  768:9ELx847vqNaCQVUmobI2iSi5B7sqkl3enKxNH7sse:W4Q8xsB7sqkW8NHI5
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm