vjw0rm | 81f1d78c95edb2952a13f5ec068a3b30be04c4e128c6348bc07439a4f4fdd82c | Triage

Sharing

General

Target

737ab81779d546b3ccc019569acb0269
Size

6KB
Sample

240125-cr16faeegl
MD5

737ab81779d546b3ccc019569acb0269
SHA1

d746edccdfb5ba9f357ab6a6281c1c09c25b5912
SHA256

81f1d78c95edb2952a13f5ec068a3b30be04c4e128c6348bc07439a4f4fdd82c
SHA512

961b5f3f1913595352914bd159c34d3767b96494a5be211cd69dbe64f921b29a12321498298ee0c93e3b2c85a443c0fd9b4593dc73fe3266e8517e17e5bfa951
SSDEEP

192:Q5oLzuRWuuuuKtCbkIHHxcggPn5wDy4jn116My3:Q5oHKWuuuuJ3CggPMbY

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  737ab81779d546b3ccc019569acb0269
- Size
  
  6KB
- MD5
  
  737ab81779d546b3ccc019569acb0269
- SHA1
  
  d746edccdfb5ba9f357ab6a6281c1c09c25b5912
- SHA256
  
  81f1d78c95edb2952a13f5ec068a3b30be04c4e128c6348bc07439a4f4fdd82c
- SHA512
  
  961b5f3f1913595352914bd159c34d3767b96494a5be211cd69dbe64f921b29a12321498298ee0c93e3b2c85a443c0fd9b4593dc73fe3266e8517e17e5bfa951
- SSDEEP
  
  192:Q5oLzuRWuuuuKtCbkIHHxcggPn5wDy4jn116My3:Q5oHKWuuuuJ3CggPMbY
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm