vjw0rm | 8f6731af469a59bf034f934876708ac2f9fc17b111a94e0ce750f56d6d927d42 | Triage

Sharing

General

Target

9674d32d4f08b3ab045d81a9d64c5e57
Size

125KB
Sample

240212-gxypqaed6x
MD5

9674d32d4f08b3ab045d81a9d64c5e57
SHA1

59f7b5a07e7877fe54c1776e4007cfef26f5c050
SHA256

8f6731af469a59bf034f934876708ac2f9fc17b111a94e0ce750f56d6d927d42
SHA512

32702cdfdcd30ee7738749c9fa492cccfef15159bf7d3ed669ce10830700cc761c2a8f8006f13ba64c2892356b716f186a07a4128e4f402c360eb05b90e6dcce
SSDEEP

3072:SjoGR9+qynt/8Ky6nLu8fUvg740E+pJcf+LMb+6B0j:SuabY9Uvkd73cGLY+6B0j

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  9674d32d4f08b3ab045d81a9d64c5e57
- Size
  
  125KB
- MD5
  
  9674d32d4f08b3ab045d81a9d64c5e57
- SHA1
  
  59f7b5a07e7877fe54c1776e4007cfef26f5c050
- SHA256
  
  8f6731af469a59bf034f934876708ac2f9fc17b111a94e0ce750f56d6d927d42
- SHA512
  
  32702cdfdcd30ee7738749c9fa492cccfef15159bf7d3ed669ce10830700cc761c2a8f8006f13ba64c2892356b716f186a07a4128e4f402c360eb05b90e6dcce
- SSDEEP
  
  3072:SjoGR9+qynt/8Ky6nLu8fUvg740E+pJcf+LMb+6B0j:SuabY9Uvkd73cGLY+6B0j
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm