vjw0rm | 2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8 | Triage

Submit
Reports

Overview

overview

Static

static

1

53d9dc9fa9...e6b.js

windows7-x64

53d9dc9fa9...e6b.js

windows10-2004-x64

Sharing

General

Target

53d9dc9fa9cc34f33fe03b7c5f5fce6b.unknown
Size

1.1MB
Sample

240111-yxkljafdfk
MD5

53d9dc9fa9cc34f33fe03b7c5f5fce6b
SHA1

8d906ed4bfd58c0220765721298ce2e75256b568
SHA256

2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8
SHA512

baa55aa8cad643bf63ef21b6413d4bd3fb92c702588f95b650187b06189ae2a191945a777856662fd5d0801115700e4c7a6de3143b1e03a5bb666040bfdb1ca7
SSDEEP

24576:VnnSnOBVKSjE0WomnrAXLjEYwbsC6fwC1prbsHn0NO2IOU:lcnraeWHrAg0J

Score

10^/10

vjw0rm zgrat persistence rat trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

53d9dc9fa9cc34f33fe03b7c5f5fce6b.js

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

53d9dc9fa9cc34f33fe03b7c5f5fce6b.js

Resource

win10v2004-20231215-en

vjw0rm persistence trojan worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  53d9dc9fa9cc34f33fe03b7c5f5fce6b.unknown
- Size
  
  1.1MB
- MD5
  
  53d9dc9fa9cc34f33fe03b7c5f5fce6b
- SHA1
  
  8d906ed4bfd58c0220765721298ce2e75256b568
- SHA256
  
  2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8
- SHA512
  
  baa55aa8cad643bf63ef21b6413d4bd3fb92c702588f95b650187b06189ae2a191945a777856662fd5d0801115700e4c7a6de3143b1e03a5bb666040bfdb1ca7
- SSDEEP
  
  24576:VnnSnOBVKSjE0WomnrAXLjEYwbsC6fwC1prbsHn0NO2IOU:lcnraeWHrAg0J
Score

10^/10

zgrat rat vjw0rm persistence trojan worm
- Detect ZGRat V1
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vjw0rmpersistencetrojanworm

© 2018-2025

Terms | Privacy