vjw0rm | e835762f9005924946dbde6b9d9bbf55d7cc360ad4dc371e429f21e0feccab48 | Triage

Sharing

General

Target

Proforma Invoice 3001855006.zip
Size

15KB
Sample

230119-swhsnagd75
MD5

a54834c37028fe7b6e04502fb6ebd8c3
SHA1

91673604551eb08aa8bc7fb742570a225df6e979
SHA256

e835762f9005924946dbde6b9d9bbf55d7cc360ad4dc371e429f21e0feccab48
SHA512

515587c2fb11fb88fdfe1f202f138696149824557a557bc0d2baa12fb10fe558d679cf37d025fdafdd20e7158b3c04511081711e2dbaa1a54f607c7c1c24ed02
SSDEEP

384:oPPa5cCvibP9F9yyXqg3Y8R7qIbQvmONMMaWo/swZZR:oRC67LtqmR7qI8vmOSwc3

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  Proforma Invoice 3001855006.js
- Size
  
  48KB
- MD5
  
  c64b396e9cb42b2234a3bbce8728de92
- SHA1
  
  71c018361c833fb31b8160059f95516fdaed5e2d
- SHA256
  
  c956e252ffa7148f6c075e639297ab2df080920edc53e28021f3156827249ae6
- SHA512
  
  b64c3b866497325c49dcb6c11987cf7bb0e55439d792fa8c520b97b8ebcb4d8f6d24d3715acfaeb4b51f8275c835959e81741bf928baa97804f351ad98f7501e
- SSDEEP
  
  1536:Ub5m/DuD+CWJbBG7MPI7MMdHl8aFzMKhKyM+anvJKa5YYUfMFfqUagMlGeMqmN34:Ub1uBAMPI7MMdHl8aFzMKhKyM+anvJKz
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm