vjw0rm | 947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e | Triage

Sharing

General

Target

SHIPPING DOC MBL No - DBA0280069.js
Size

172KB
Sample

230120-ygzqhsbe5w
MD5

d4ea1f6762b4782215754a8061bf0473
SHA1

ceb22743fb1c5aacea84c7fd36bca5f0143d67d5
SHA256

947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e
SHA512

9288d3a09dd476286b9d9aeb2ed191e862a1106bbfcd1345e13ecd7c26c38c6f201ea32bc0a1eab059b5f21f64a9f652e5ac39610ffb58ddb1f2337db80c729e
SSDEEP

3072:3fQZjwOSHmOn624MfIaQ6VAOLI8p7MdMQDE3saiXusMF1bnvzUP7iZFt6ooHMhJn:PMj4xNu/4

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  SHIPPING DOC MBL No - DBA0280069.js
- Size
  
  172KB
- MD5
  
  d4ea1f6762b4782215754a8061bf0473
- SHA1
  
  ceb22743fb1c5aacea84c7fd36bca5f0143d67d5
- SHA256
  
  947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e
- SHA512
  
  9288d3a09dd476286b9d9aeb2ed191e862a1106bbfcd1345e13ecd7c26c38c6f201ea32bc0a1eab059b5f21f64a9f652e5ac39610ffb58ddb1f2337db80c729e
- SSDEEP
  
  3072:3fQZjwOSHmOn624MfIaQ6VAOLI8p7MdMQDE3saiXusMF1bnvzUP7iZFt6ooHMhJn:PMj4xNu/4
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm