vjw0rm | aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0 | Triage

Sharing

General

Target

Notification of ACH Payment submitted on 06.04.2022.js
Size

7KB
Sample

230407-q3b8cahc67
MD5

e7aaf9c2ba37b07ef6fb5095c33a3291
SHA1

1ce3f19e22ce5e5ea5e3aa2f4040a72ffee71c1a
SHA256

aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0
SHA512

b18a0f721cab94a670352c2caaf1163d24f2def543cf6770bbb71b308a2c17f1ac958e924200cbd5c1e57c7a6bda23da80347d5073eadea6c75691976ca73247
SSDEEP

192:AnLaaZtNLxXl+iUwLEa9LBONqtrUySocoSggX:AnLZtNTE4OMrSVFX

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Notification of ACH Payment submitted on 06.04.2022.js
- Size
  
  7KB
- MD5
  
  e7aaf9c2ba37b07ef6fb5095c33a3291
- SHA1
  
  1ce3f19e22ce5e5ea5e3aa2f4040a72ffee71c1a
- SHA256
  
  aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0
- SHA512
  
  b18a0f721cab94a670352c2caaf1163d24f2def543cf6770bbb71b308a2c17f1ac958e924200cbd5c1e57c7a6bda23da80347d5073eadea6c75691976ca73247
- SSDEEP
  
  192:AnLaaZtNLxXl+iUwLEa9LBONqtrUySocoSggX:AnLZtNTE4OMrSVFX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm