vjw0rm

General

Target

SPI MARINE.zip
Size

1.7MB
Sample

230112-pnzvesbf8z
MD5

65f0b92ee374f67acdf5d4e7e0c7d32f
SHA1

44c0e28270d1835ab2ee52e38163b7c19262ab6e
SHA256

db175d3609c2110d570e848c5c7750821ca84fd55b67aab2d195b2ee435c6daa
SHA512

ad8964de27abb862ac269c0c0e05864494e100df477bee2528e38db4beef3bdc1ca9f35e1050d85ad63c879f6564d8512b09694f60f009c00642146ea2375bc4
SSDEEP

49152:V5F+ypkz2VD7fMjk2vRiNnJZfLIiK2yCe0CiKO6:V5bmzo6k2ZiNnJNLIiKzx0DKO6

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.agritrader.net.ve
Port:
587
Username:
[email protected]
Password:
f=hq-Jgicgp3

Targets

- Target
  
  SPI MARINE.js
- Size
  
  1.4MB
- MD5
  
  520428e8d0eb089f381439c7877482a8
- SHA1
  
  4ece1f572b9e1eeff87287938198f7e75d99eda0
- SHA256
  
  ceaa4d371a7d05ee9dc926777f30684b0acd7ea78c745a8d1b3eaa77b6e85e55
- SHA512
  
  76ccd734760ff90ef8abfc2ebf36fb67d4924091a9a8fd626ad9722bd2fb42ab5b5a199a2e8baeac898eaba636b8e1a269c06c5f3d4813d4cd3b38e980ceda0b
- SSDEEP
  
  12288:E0PM6alqrN4P5/TJVnNRVRuCVPWYZYryTmp9V8wFfrPTKR4NVyqxSuogqmNx2plw:9IlqK1TJVP/VPWMYkwFfrmHqxLx1l3Hh
Score

10^/10

vjw0rm collection spyware stealer trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  SPI MARINE1.js
- Size
  
  1.3MB
- MD5
  
  9ada0e7d8b3fd0b3b5509e961f8f69cb
- SHA1
  
  109f9a3ee9975fb1535b929a259de4c6de8a26a2
- SHA256
  
  f293561f8a8432c1f92858eff79fa9cb0dce4292687f09a6ee1ea52cb395961d
- SHA512
  
  3ef03e77c5f6b18c820773ae839cb74dbba1c24f5b0409bf304002dcb77360a52bdffafdc65a62a5782d7e4944cfaff75441527648b0d53c393c9a327659fc08
- SSDEEP
  
  24576:D6TEbroV1XoNqO52U8efYc/UmTU1TVEcH51NW6:WAIrA52UpTK9G6
Score

10^/10

vjw0rm collection spyware stealer trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4