vjw0rm | f9fe2b05da5d50dd2d8f39222e279ffc860785a3f72aac7954147bb6ef26a029 | Triage

Sharing

General

Target

Quarantined Messages.zip
Size

10KB
Sample

230409-akchdsga28
MD5

e1e71bae01093564b24d15d19c1750cb
SHA1

bd0676f51dcaff6a75e6f1887982c3fdda5b2978
SHA256

f9fe2b05da5d50dd2d8f39222e279ffc860785a3f72aac7954147bb6ef26a029
SHA512

29b3696aca2ac08c2d2fa056f73fcb8e3a1a53aa96afdba079289028eb4c65214fc0b42d8b5a63c380e19757a755e52350458ebddd9cd097998ca997fdb94a96
SSDEEP

192:joyUirsfW9tPweIY4JggAcIPJEtSgdtFzl6WwnmszliJmkUpjZi0UKHqYJIS:kiYW9tYeB5JEtSCtFMWwmsz4gkGiQHhv

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Notification of ACH Payment submitted on 06.04.2022.js
- Size
  
  7KB
- MD5
  
  e7aaf9c2ba37b07ef6fb5095c33a3291
- SHA1
  
  1ce3f19e22ce5e5ea5e3aa2f4040a72ffee71c1a
- SHA256
  
  aac9ba1b7dca4d9b37d7da50d65c007eaf0186a8d6563af2dce88949769df5e0
- SHA512
  
  b18a0f721cab94a670352c2caaf1163d24f2def543cf6770bbb71b308a2c17f1ac958e924200cbd5c1e57c7a6bda23da80347d5073eadea6c75691976ca73247
- SSDEEP
  
  192:AnLaaZtNLxXl+iUwLEa9LBONqtrUySocoSggX:AnLZtNTE4OMrSVFX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm