vjw0rm | bdab468e09e09e94af0df6fc3978789712d8b8188276660b7281d39aa27f7a2c | Triage

Sharing

General

Target

e8150ba03200183abce718f6b028b2c3.bin
Size

1.3MB
Sample

230607-dnptnsgg23
MD5

cb055da757e1a29d4949e200591a247e
SHA1

acddc1ff9c8f52d618ee22be66b6992b07004eae
SHA256

bdab468e09e09e94af0df6fc3978789712d8b8188276660b7281d39aa27f7a2c
SHA512

6ede4586ea12f7ae4f415709c3ab3b813b21e240658fdc2be4013ff7416fcbe169b51d3c8bc3ed04ca132f2fc1a40ce5255287ddca7b214f86a9f39b5e7a7431
SSDEEP

24576:nFHOqHH+zp1zVhSd47HCe0SO8JGCqZBQJnXanisjQPYx2C9gp48+193pBc/3DpMK:nhHHkp1z+YHf02JcBvrsO9gp4p93Xcr9

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  3f3ee13d1a86d8f63c3c730556cfcff2a1f8d22980fdc001b5240ce7315dcd23.js
- Size
  
  4.6MB
- MD5
  
  e8150ba03200183abce718f6b028b2c3
- SHA1
  
  606491a54f6dc244fc533317a0f936b818de9a4c
- SHA256
  
  3f3ee13d1a86d8f63c3c730556cfcff2a1f8d22980fdc001b5240ce7315dcd23
- SHA512
  
  4aa7fd5b696933155143f66a54785c48ff368bb6fbf7f5afcc24ababd2436c31b0d847f32b3d66888867f179a34dd9284a9c9a8f54f3f96ea23601804bafacb5
- SSDEEP
  
  24576:p5K1gGMDzG6PbjQ46Te9iEQokfhrC/SwzkfHGi9xM7LHyG9XqUrQdAtzkTGCJTrK:G3Fmv
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm