vjw0rm | e6a1e467986946fec245767752bfdb0b627488834769bc4ea18cfe5416ca97c8 | Triage

Sharing

General

Target

shipment_details.js
Size

4.2MB
Sample

230515-ysbg3ahb95
MD5

fa2dccbcd1a13b5ed4a37cfe2f6bd98e
SHA1

e9bfca02fe3610209e4d978706fb0ffa708c23de
SHA256

e6a1e467986946fec245767752bfdb0b627488834769bc4ea18cfe5416ca97c8
SHA512

d7fff2cb89edf7ec8d7e8e3c87c339a0d89b9ce90245985f27bcbd59c2cfb27dfb9e757fe5cae6b33728def4221ef1e2a7bca8876be36dd3d54ae86db5837ff8
SSDEEP

24576:DLXDS1oAQLfjv/dcBBEKURJFxCl4V0lZ3LUua5qTV/+GuPII+yo6gcuXoHmGt7SA:KgPFV5

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  shipment_details.js
- Size
  
  4.2MB
- MD5
  
  fa2dccbcd1a13b5ed4a37cfe2f6bd98e
- SHA1
  
  e9bfca02fe3610209e4d978706fb0ffa708c23de
- SHA256
  
  e6a1e467986946fec245767752bfdb0b627488834769bc4ea18cfe5416ca97c8
- SHA512
  
  d7fff2cb89edf7ec8d7e8e3c87c339a0d89b9ce90245985f27bcbd59c2cfb27dfb9e757fe5cae6b33728def4221ef1e2a7bca8876be36dd3d54ae86db5837ff8
- SSDEEP
  
  24576:DLXDS1oAQLfjv/dcBBEKURJFxCl4V0lZ3LUua5qTV/+GuPII+yo6gcuXoHmGt7SA:KgPFV5
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm