vjw0rm | a9d56c2aaf9c1885ac43e22fb44a03fd7c5bfb279e085877028f5aae9c898901 | Triage

Sharing

General

Target

629f8999b4ec2a1bc2ae34acb1c13407
Size

202KB
Sample

240117-pp53tsfga2
MD5

629f8999b4ec2a1bc2ae34acb1c13407
SHA1

ba6f828410418a011505ecc46531f8e41d7c8aa7
SHA256

a9d56c2aaf9c1885ac43e22fb44a03fd7c5bfb279e085877028f5aae9c898901
SHA512

f04832457db6157b6c209af2b12352210b962146f69150316958df28a6765be1109f0fe72123bef3a05f612b6493e84a02a5148f706bf84c982b758c79933b2f
SSDEEP

3072:AVq6TAShnhRrF+Uyd2mfrZcvCU2fRxF/bIJFnrYoQNpUBARmXgjn2yPAvnX7EMv:QTtRrFCdLfSR2f9/egMimGPQnXoMv

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  629f8999b4ec2a1bc2ae34acb1c13407
- Size
  
  202KB
- MD5
  
  629f8999b4ec2a1bc2ae34acb1c13407
- SHA1
  
  ba6f828410418a011505ecc46531f8e41d7c8aa7
- SHA256
  
  a9d56c2aaf9c1885ac43e22fb44a03fd7c5bfb279e085877028f5aae9c898901
- SHA512
  
  f04832457db6157b6c209af2b12352210b962146f69150316958df28a6765be1109f0fe72123bef3a05f612b6493e84a02a5148f706bf84c982b758c79933b2f
- SSDEEP
  
  3072:AVq6TAShnhRrF+Uyd2mfrZcvCU2fRxF/bIJFnrYoQNpUBARmXgjn2yPAvnX7EMv:QTtRrFCdLfSR2f9/egMimGPQnXoMv
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm