vjw0rm | 830229964e0a12a468c5d3c0578a5e4e782c2ae7bcc240d7bf6f82a373ae08c6 | Triage

Sharing

General

Target

RFQ SANOVIT.js
Size

5.8MB
Sample

240125-jv4jasbeh8
MD5

68fe8b2c25d14040c66447c5c79a9ada
SHA1

cad211509ce75af931879b13af4f97d1e550f427
SHA256

830229964e0a12a468c5d3c0578a5e4e782c2ae7bcc240d7bf6f82a373ae08c6
SHA512

8649ec2b2a41fca46cff2f6acb3a159eabbc7dcfacf858990b3f092618b706af9265299be2d650b9c39f46843bdb90539861e61a2cfef8778f7cca4a4567c84f
SSDEEP

24576:KDlDx+TAMOOb5biMkVXTFQRkdgMdsrot/ycPMP4qavnS8CQD+52/UBT6twHHeV1E:X

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  RFQ SANOVIT.js
- Size
  
  5.8MB
- MD5
  
  68fe8b2c25d14040c66447c5c79a9ada
- SHA1
  
  cad211509ce75af931879b13af4f97d1e550f427
- SHA256
  
  830229964e0a12a468c5d3c0578a5e4e782c2ae7bcc240d7bf6f82a373ae08c6
- SHA512
  
  8649ec2b2a41fca46cff2f6acb3a159eabbc7dcfacf858990b3f092618b706af9265299be2d650b9c39f46843bdb90539861e61a2cfef8778f7cca4a4567c84f
- SSDEEP
  
  24576:KDlDx+TAMOOb5biMkVXTFQRkdgMdsrot/ycPMP4qavnS8CQD+52/UBT6twHHeV1E:X
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm