vjw0rm | fb10a337c70d9fff2fa0f62e99e19dfb10026c5c95220b8004e9469b75e51a16 | Triage

Sharing

General

Target

d6857d23668667142279cb4c00c9e164
Size

177KB
Sample

240319-tdtymsge6v
MD5

d6857d23668667142279cb4c00c9e164
SHA1

50409d70a7f006d784652a66165f7f683878d4e8
SHA256

fb10a337c70d9fff2fa0f62e99e19dfb10026c5c95220b8004e9469b75e51a16
SHA512

29f41916b405ea6ad1492077a2bca621e0c268302918abb2f87753739ac2d4259903a1acbb24fc03656b07ffff10b29344836b2545b96f57026d1ef0bf039d92
SSDEEP

3072:8i00Y/8weH+5kJlNHCvjE+tnUFHzpwzfLGIDzRE6p5pQUDt0AAMeox9Vzk5T3w/h:8iH5H+5Q/E/nUFTuvDzRXDt0AAMeaVo+

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  Order550232.jar
- Size
  
  129KB
- MD5
  
  c91d4750382881ff7da852e22a6f2419
- SHA1
  
  b916255dfadf02871d0a84083e989df52396e75b
- SHA256
  
  12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3
- SHA512
  
  e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244
- SSDEEP
  
  3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm