vjw0rm | 39a2e082897abaaf11cc9e955d4b1dff633be28a0be463b748c3bd6dc6dfd6ec | Triage

Sharing

General

Target

a9b85388aae2c05a662703488dc484b0
Size

910KB
Sample

231222-qyxcqadce4
MD5

a9b85388aae2c05a662703488dc484b0
SHA1

461f673f7af1f372e42fd4e8e6edbd60ddbb5dc7
SHA256

39a2e082897abaaf11cc9e955d4b1dff633be28a0be463b748c3bd6dc6dfd6ec
SHA512

abd01d08176c3fd6e45407f9222d5b02d60d719ea82366c4431282a1779e28cedeb4923f0c897e8d9df3b3ee3f05d10c509c0e3861119f8a712b9cca809384a7
SSDEEP

12288:eIziPJqueLX4tD3WYFztROhdbmtdPzNiXPLqnqXHBIqRNMeM3VJcSTj/qrqx9W9y:eIeoq3WYZPtdPzE5NWfhqrAIMfCPA

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  a9b85388aae2c05a662703488dc484b0
- Size
  
  910KB
- MD5
  
  a9b85388aae2c05a662703488dc484b0
- SHA1
  
  461f673f7af1f372e42fd4e8e6edbd60ddbb5dc7
- SHA256
  
  39a2e082897abaaf11cc9e955d4b1dff633be28a0be463b748c3bd6dc6dfd6ec
- SHA512
  
  abd01d08176c3fd6e45407f9222d5b02d60d719ea82366c4431282a1779e28cedeb4923f0c897e8d9df3b3ee3f05d10c509c0e3861119f8a712b9cca809384a7
- SSDEEP
  
  12288:eIziPJqueLX4tD3WYFztROhdbmtdPzNiXPLqnqXHBIqRNMeM3VJcSTj/qrqx9W9y:eIeoq3WYZPtdPzE5NWfhqrAIMfCPA
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm