vjw0rm | 2013959396545e0d1c1a0c178544a778764ff12c4fba9a6637835a202cce979b | Triage

Sharing

General

Target

bd402a7b48f2b162736f4848c329792c
Size

147KB
Sample

240310-bc8rasgc8w
MD5

bd402a7b48f2b162736f4848c329792c
SHA1

fc17278dbfe1e9d65a3b8f2cb8a972017eaf1cc6
SHA256

2013959396545e0d1c1a0c178544a778764ff12c4fba9a6637835a202cce979b
SHA512

af6d380d7c3cc1540b9aa9c1bf070178f4120b78f6c571e67b43af1a4cd6199c139a2dd7890b03920cc8cfcfa5c2f56f627b553f0cb09ae71ca495bd73cf7ccc
SSDEEP

3072:vAnBzB/sfK4/mNwKEoZ/4+TK8tA3uQr+22kj5Duor+rS:oB6K4mSKZC39r+6Duor+G

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  bd402a7b48f2b162736f4848c329792c
- Size
  
  147KB
- MD5
  
  bd402a7b48f2b162736f4848c329792c
- SHA1
  
  fc17278dbfe1e9d65a3b8f2cb8a972017eaf1cc6
- SHA256
  
  2013959396545e0d1c1a0c178544a778764ff12c4fba9a6637835a202cce979b
- SHA512
  
  af6d380d7c3cc1540b9aa9c1bf070178f4120b78f6c571e67b43af1a4cd6199c139a2dd7890b03920cc8cfcfa5c2f56f627b553f0cb09ae71ca495bd73cf7ccc
- SSDEEP
  
  3072:vAnBzB/sfK4/mNwKEoZ/4+TK8tA3uQr+22kj5Duor+rS:oB6K4mSKZC39r+6Duor+G
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm