vjw0rm | 610726331bd48601f6762f3931e423635a85a9488ea214b76c95db2a1a3b339b | Triage

Submit
Reports

Overview

overview

Static

static

Inquiry.js

windows7-x64

Inquiry.js

windows10-2004-x64

Sharing

General

Target

Inquiry.zip
Size

878KB
Sample

230130-p4js5sca9x
MD5

0da88da1572c6e7185569f16f08ef12a
SHA1

d90704f250082a1e617d35cfbbcb7cce8290dff3
SHA256

610726331bd48601f6762f3931e423635a85a9488ea214b76c95db2a1a3b339b
SHA512

5873c0cf9ddc25488215d63b098c5e0da399d3eea550b55bafaa80c64aa639f95d4ab0f8d097693c31aeb7703f0ee4c31e5929abb78b1cf9c855735860e2c8c0
SSDEEP

24576:rfDxXdCtfjxw8iNaV45Rjtqz/cmbx7g2P7M2SVxIyTQ:rLxNCtfdb5V459UXl7G2OTQ

Score

10^/10

vjw0rm collection spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

Inquiry.js

Resource

win7-20220901-en

vjw0rm collection spyware stealer trojan worm

windows7-x64

17 signatures

600 seconds

Behavioral task

behavioral2

Sample

Inquiry.js

Resource

win10v2004-20220812-en

vjw0rm collection spyware stealer trojan worm

windows10-2004-x64

15 signatures

600 seconds

Malware Config

Targets

- Target
  
  Inquiry.js
- Size
  
  1.3MB
- MD5
  
  443caa6bef67a2be0e4bcec86619683e
- SHA1
  
  24801da9b7ee6f3bea3a877b4f2e1e5592d27a7c
- SHA256
  
  772fd8b1137becb5b3697fb1e10ba79f31367c7402d06235f96fc214d0338327
- SHA512
  
  eccc636da9661159c0e500e4eaa3cda94f1ceb220c766459e97ca759c289a0e70522f4cd12d60a4aa6d1ac98a2ef8594c0aff49976087397711cf3b1edbfe6d6
- SSDEEP
  
  24576:dwgFD4BiYRWfbd/RgU+FnkCt3fANRbonYMk37CMYY3lPg:dwgFD2ic6hRgU+1RuPoeYYK
Score

10^/10

vjw0rm collection spyware stealer trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

vjw0rmcollectionspywarestealertrojanworm

behavioral2

vjw0rmcollectionspywarestealertrojanworm

© 2018-2024

Terms | Privacy