vjw0rm | a4ef0bc3f82a7a6537974caa2a3c8cbcc1611aca0c80303591bcd401f05b3a2f | Triage

Sharing

General

Target

DOC290823-29082023144405.js
Size

24KB
Sample

230901-rdccgsfa5v
MD5

4bd43de1ae996231fc4bdad4e31acc18
SHA1

40867d1931e30eea677eceb397e29bece3bbc348
SHA256

a4ef0bc3f82a7a6537974caa2a3c8cbcc1611aca0c80303591bcd401f05b3a2f
SHA512

d49612cc30985c7453ee7366514cd501ad7b4ae27c24e71def2fee63f276779ff6cb02b24d4165ee6ba3e9c2ba8f1dcfc3e79a1fb47f85608996c7b2c0e8fca6
SSDEEP

768:xjbJzKjG920H6q7DLW4pewkrEHIYz9E3HgR:BNeG9T6qzHqrEoYhigR

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://severdops.ddns.net:5050

Targets

- Target
  
  DOC290823-29082023144405.js
- Size
  
  24KB
- MD5
  
  4bd43de1ae996231fc4bdad4e31acc18
- SHA1
  
  40867d1931e30eea677eceb397e29bece3bbc348
- SHA256
  
  a4ef0bc3f82a7a6537974caa2a3c8cbcc1611aca0c80303591bcd401f05b3a2f
- SHA512
  
  d49612cc30985c7453ee7366514cd501ad7b4ae27c24e71def2fee63f276779ff6cb02b24d4165ee6ba3e9c2ba8f1dcfc3e79a1fb47f85608996c7b2c0e8fca6
- SSDEEP
  
  768:xjbJzKjG920H6q7DLW4pewkrEHIYz9E3HgR:BNeG9T6qzHqrEoYhigR
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm