vjw0rm | a745eea0381b55cf2efe28cd6172d38bb1284d49f3f1d506bc010c7be4cb8546 | Triage

Sharing

General

Target

a745eea0381b55cf2efe28cd6172d38bb1284d49f3f1d506bc010c7be4cb8546
Size

27KB
Sample

240226-11cffahd73
MD5

cc01cf8d821a2c3059fe6598d81c8037
SHA1

cbc52f57491f1f11c12d6ab3ee515c5149aaeeb1
SHA256

a745eea0381b55cf2efe28cd6172d38bb1284d49f3f1d506bc010c7be4cb8546
SHA512

d552bc4fd264805a48b33241d34b22cdc995bd8081a596da09c52fc085f79108c045611f839c1689ecc37d3ec75a4afe1e2f20b1ae93bd31985783966070de3b
SSDEEP

768:MwiSEtFOv4qIglQKXrAwanRlgrxAGl3lrIOwkxb:biSE+grglhrA1krx8Oweb

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  a745eea0381b55cf2efe28cd6172d38bb1284d49f3f1d506bc010c7be4cb8546
- Size
  
  27KB
- MD5
  
  cc01cf8d821a2c3059fe6598d81c8037
- SHA1
  
  cbc52f57491f1f11c12d6ab3ee515c5149aaeeb1
- SHA256
  
  a745eea0381b55cf2efe28cd6172d38bb1284d49f3f1d506bc010c7be4cb8546
- SHA512
  
  d552bc4fd264805a48b33241d34b22cdc995bd8081a596da09c52fc085f79108c045611f839c1689ecc37d3ec75a4afe1e2f20b1ae93bd31985783966070de3b
- SSDEEP
  
  768:MwiSEtFOv4qIglQKXrAwanRlgrxAGl3lrIOwkxb:biSE+grglhrA1krx8Oweb
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm