vjw0rm | e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7 | Triage

Submit
Reports

Overview

overview

Static

static

3

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

542KB
Sample

230514-dqqhzsae53
MD5

30260b612d994b6c7e5ff1febcb9a157
SHA1

64d927347d0c0786527532d86949919c076321c1
SHA256

e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7
SHA512

8500466304076fd8fe5165b7e8b00830ffd530a9d7949b01dfd49131381da6ea3330bcbe8a8e1db9fce11395300334339c475ea33bef9dc0eab489c104aed7c5
SSDEEP

12288:UfIub9KMhn1PtO9yD34A81qsEh67FplSb2N8AF+IxOSEEmQiv0df8s/RcSklTWk:kIuYAJ4Ms/bh

Score

10^/10

vjw0rm wshrat persistence trojan worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

vjw0rm wshrat persistence trojan worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

vjw0rm wshrat persistence trojan worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  542KB
- MD5
  
  30260b612d994b6c7e5ff1febcb9a157
- SHA1
  
  64d927347d0c0786527532d86949919c076321c1
- SHA256
  
  e7d462e5da40d278f0f004f291e44fde3af0d6a3b95551319c4a6555bcc2eea7
- SHA512
  
  8500466304076fd8fe5165b7e8b00830ffd530a9d7949b01dfd49131381da6ea3330bcbe8a8e1db9fce11395300334339c475ea33bef9dc0eab489c104aed7c5
- SSDEEP
  
  12288:UfIub9KMhn1PtO9yD34A81qsEh67FplSb2N8AF+IxOSEEmQiv0df8s/RcSklTWk:kIuYAJ4Ms/bh
Score

10^/10

vjw0rm wshrat persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- WSHRAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencetrojanworm

behavioral2

vjw0rmwshratpersistencetrojanworm

© 2018-2025

Terms | Privacy