vjw0rm | 947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e | Triage

Sharing

General

Target

SHIPPING DOC MBL No - DBA0280069.js
Size

172KB
Sample

230120-ygzqhsbe5w
MD5

d4ea1f6762b4782215754a8061bf0473
SHA1

ceb22743fb1c5aacea84c7fd36bca5f0143d67d5
SHA256

947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e
SHA512

9288d3a09dd476286b9d9aeb2ed191e862a1106bbfcd1345e13ecd7c26c38c6f201ea32bc0a1eab059b5f21f64a9f652e5ac39610ffb58ddb1f2337db80c729e
SSDEEP

3072:3fQZjwOSHmOn624MfIaQ6VAOLI8p7MdMQDE3saiXusMF1bnvzUP7iZFt6ooHMhJn:PMj4xNu/4

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  SHIPPING DOC MBL No - DBA0280069.js
- Size
  
  172KB
- MD5
  
  d4ea1f6762b4782215754a8061bf0473
- SHA1
  
  ceb22743fb1c5aacea84c7fd36bca5f0143d67d5
- SHA256
  
  947e1f1f0903f66206d335fa3d1774b06305c9f2e3cb12a725e60d12de40d54e
- SHA512
  
  9288d3a09dd476286b9d9aeb2ed191e862a1106bbfcd1345e13ecd7c26c38c6f201ea32bc0a1eab059b5f21f64a9f652e5ac39610ffb58ddb1f2337db80c729e
- SSDEEP
  
  3072:3fQZjwOSHmOn624MfIaQ6VAOLI8p7MdMQDE3saiXusMF1bnvzUP7iZFt6ooHMhJn:PMj4xNu/4
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm