vjw0rm | 878515aa4b2f6edb65201aa9946331781c71b1de80dccba2b16461336a2e2031 | Triage

Sharing

General

Target

QuotePRNoPR0078966js.js
Size

2.7MB
Sample

230627-rpe8hsfd3t
MD5

11787e302194face53158981dd1287ad
SHA1

db9f3e778c2a89ed5fbe974b9e0fbb01694dfad2
SHA256

878515aa4b2f6edb65201aa9946331781c71b1de80dccba2b16461336a2e2031
SHA512

62a6639cb6d7f579055cba4eaa7fd1d278fd8bfb14caeb6c2dd9010b84d0d6d0979eb1b6422567a6a3a1b1d3b16be67ff8f62b8c2fa99d44d89b5309010f1203
SSDEEP

24576:ZvCtCaKHazWgAjNbQtkYzN/Z1KsftoAhSAJxjHy9TYbiYY5HXH3Fx0X7HGqLGaTl:mBt

Score

10^/10

vjw0rm wshrat persistence trojan worm

Malware Config

Extracted

Family

wshrat

C2

http://79.110.49.161:2050

Targets

- Target
  
  QuotePRNoPR0078966js.js
- Size
  
  2.7MB
- MD5
  
  11787e302194face53158981dd1287ad
- SHA1
  
  db9f3e778c2a89ed5fbe974b9e0fbb01694dfad2
- SHA256
  
  878515aa4b2f6edb65201aa9946331781c71b1de80dccba2b16461336a2e2031
- SHA512
  
  62a6639cb6d7f579055cba4eaa7fd1d278fd8bfb14caeb6c2dd9010b84d0d6d0979eb1b6422567a6a3a1b1d3b16be67ff8f62b8c2fa99d44d89b5309010f1203
- SSDEEP
  
  24576:ZvCtCaKHazWgAjNbQtkYzN/Z1KsftoAhSAJxjHy9TYbiYY5HXH3Fx0X7HGqLGaTl:mBt
Score

10^/10

vjw0rm wshrat persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmwshratpersistencetrojanworm

behavioral2

vjw0rmwshratpersistencetrojanworm