vjw0rm | c956e252ffa7148f6c075e639297ab2df080920edc53e28021f3156827249ae6 | Triage

Sharing

General

Target

Proforma Invoice 3001855006.js
Size

48KB
Sample

230124-h3mp3sba3z
MD5

c64b396e9cb42b2234a3bbce8728de92
SHA1

71c018361c833fb31b8160059f95516fdaed5e2d
SHA256

c956e252ffa7148f6c075e639297ab2df080920edc53e28021f3156827249ae6
SHA512

b64c3b866497325c49dcb6c11987cf7bb0e55439d792fa8c520b97b8ebcb4d8f6d24d3715acfaeb4b51f8275c835959e81741bf928baa97804f351ad98f7501e
SSDEEP

1536:Ub5m/DuD+CWJbBG7MPI7MMdHl8aFzMKhKyM+anvJKa5YYUfMFfqUagMlGeMqmN34:Ub1uBAMPI7MMdHl8aFzMKhKyM+anvJKz

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  Proforma Invoice 3001855006.js
- Size
  
  48KB
- MD5
  
  c64b396e9cb42b2234a3bbce8728de92
- SHA1
  
  71c018361c833fb31b8160059f95516fdaed5e2d
- SHA256
  
  c956e252ffa7148f6c075e639297ab2df080920edc53e28021f3156827249ae6
- SHA512
  
  b64c3b866497325c49dcb6c11987cf7bb0e55439d792fa8c520b97b8ebcb4d8f6d24d3715acfaeb4b51f8275c835959e81741bf928baa97804f351ad98f7501e
- SSDEEP
  
  1536:Ub5m/DuD+CWJbBG7MPI7MMdHl8aFzMKhKyM+anvJKa5YYUfMFfqUagMlGeMqmN34:Ub1uBAMPI7MMdHl8aFzMKhKyM+anvJKz
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm