vjw0rm | 3f5a623301740e9a78429d41530fde0492026f3cf97d7b1e1fb91babf0c89d06 | Triage

Sharing

General

Target

Orden_de_embargo__pdf.uue
Size

493KB
Sample

230324-hfa3rseg9t
MD5

92f2282b87500e251512ba36339c87ac
SHA1

c660904ceec0edbe032b3b7bdb79cb4edc8e2065
SHA256

3f5a623301740e9a78429d41530fde0492026f3cf97d7b1e1fb91babf0c89d06
SHA512

0edd377c79387e38a0afe6c77f6975c84ba19b742720eebe50f70a38f1ac274c6ccf53dbc4ec3e2b80425e3f8fae59d878eb84254854ececcd8e2d4752d9c285
SSDEEP

12288:uxpxC5LztkGPXk2dFlMdT2MN+IU9ACpJkK:ApxgLzigKd6CCpZ

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Orden_de_embargo__pdf.scr
- Size
  
  697KB
- MD5
  
  08d0d2ae2030e26e3257869f0c1129e4
- SHA1
  
  c82aa06abed5ea9ead115e5a83d49183519f20de
- SHA256
  
  4c3bf5e59687731fbbbfbce763a4e097cd3863fd39773fc2e6189a2658dfb1a5
- SHA512
  
  65fb86ed49c510ea4a3f622b4cb9affed0358ff50f96d937b7345d1b0e92916a9bc527a4558ffbe9205be6b6c86f4403d60afc5e0d1d1ab29e03cdfcc8e4e3dc
- SSDEEP
  
  12288:soVl2TmnvZAdJ41JHQbYEAmDJAb8f+jtT6vcxXiFmxG4yeXnCugYUU87UF:9VgmnudJ41JhQLmT6ijxr3zUH7UF
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm