vjw0rm | 789e896d4629b24edcc81ea72ae6d7dca8469387665f376bfa342b4e9f06bf52 | Triage

Sharing

General

Target

24a49c42db23182b354a5672871d7656
Size

16KB
Sample

231231-c2rdzsgcbl
MD5

24a49c42db23182b354a5672871d7656
SHA1

645a4265ec79be23b68720df010b825d405a1a64
SHA256

789e896d4629b24edcc81ea72ae6d7dca8469387665f376bfa342b4e9f06bf52
SHA512

38d82603b3e3fdf5e0d43a92e9155fd3e331d3a798cb14ec58ccd9379118ce53bdb1b6f1a65e8b6d7e0c41285a0d1476bcffcbac0abea384dba1ef894912466d
SSDEEP

384:b3eeQYggN0jQXGNNS/7puQORhTYrlvmIxaN+gszMpodvQ9NlB26:DVsTQXGufO/6vU/szM1vX26

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  24a49c42db23182b354a5672871d7656
- Size
  
  16KB
- MD5
  
  24a49c42db23182b354a5672871d7656
- SHA1
  
  645a4265ec79be23b68720df010b825d405a1a64
- SHA256
  
  789e896d4629b24edcc81ea72ae6d7dca8469387665f376bfa342b4e9f06bf52
- SHA512
  
  38d82603b3e3fdf5e0d43a92e9155fd3e331d3a798cb14ec58ccd9379118ce53bdb1b6f1a65e8b6d7e0c41285a0d1476bcffcbac0abea384dba1ef894912466d
- SSDEEP
  
  384:b3eeQYggN0jQXGNNS/7puQORhTYrlvmIxaN+gszMpodvQ9NlB26:DVsTQXGufO/6vU/szM1vX26
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm