vjw0rm | f8273617fe63d7b1e783427b76f0b250b428648e7cb47a45bcf98fa72bc708f3 | Triage

Sharing

General

Target

048973fb1d79a1263ed70c42819520fc.zip
Size

1.2MB
Sample

231231-p27gesede3
MD5

048973fb1d79a1263ed70c42819520fc
SHA1

a0dd70a2efc0449ea432bc165ce7710332473432
SHA256

f8273617fe63d7b1e783427b76f0b250b428648e7cb47a45bcf98fa72bc708f3
SHA512

c912f0537a6c72ccac09948a86260b0786f4a70e6497be53166a6332951973e7d4b3cb025ef9a975547dfa3b18209604de426de4a846322f9a496edb0b5e62aa
SSDEEP

24576:fPbIEVaKH1GtqCnHlp8XlSE0YqkKQLpuEvESPDNpa+bKbKRFgrt7:vVDAlp8IntXEpulSPDNpa+Gu4Z7

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  KNRyOLnGcT_UKWN.jar
- Size
  
  1.2MB
- MD5
  
  5cdffc26c265c48cdbbf1aae06cc101c
- SHA1
  
  566fb395a9586ca59c4317af8b8a6e656352d5fa
- SHA256
  
  5a894d00f75d512b8b3604dabf49b049f40721a82397ac2e6bdf3f910565c737
- SHA512
  
  f0976bf6d5d35f36a8c625b5e520c94e1569da793d3d03e86bd9c6531a0ca2790f003bd5be210267081632e21964fd81936bfbad8cd9d81918666b53514058fd
- SSDEEP
  
  24576:q5P4Aday/1OtGC/HPXubl2Emy4AK+5pCwncs9hJh0+bqbK9X2XzVR:MdX8PXuIZZLkpCts9hJh0+OuIzz
Score

10^/10

vjw0rm discovery persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vjw0rmdiscoverypersistencetrojanworm