vjw0rm | b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c | Triage

Sharing

General

Target

b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c (1)
Size

23KB
Sample

240327-p3m46sff3t
MD5

9adebc3e15bf17b0095fd958e634b659
SHA1

75587f0e6094b057fd4c3ec85b5283d84b3cf95a
SHA256

b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c
SHA512

5b6695670b1e121e82d1b0ecc38903e8ffae2ce23c696aae37d9d261ec8977bc1f22c9fa9da400a7e379984eab01ec85bfd29014b85766c587d206a327ec40bc
SSDEEP

384:dJ4yLFLjlyW/XExNnu6kYgeb63t8jjXVqfa8wWZdPuJrrHtldszaxfc/fMAKk:/NLjlJCuvY363t8PsS8ju1dszaRiMAKk

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://severdops.ddns.net:5050

Targets

- Target
  
  b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c (1)
- Size
  
  23KB
- MD5
  
  9adebc3e15bf17b0095fd958e634b659
- SHA1
  
  75587f0e6094b057fd4c3ec85b5283d84b3cf95a
- SHA256
  
  b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c
- SHA512
  
  5b6695670b1e121e82d1b0ecc38903e8ffae2ce23c696aae37d9d261ec8977bc1f22c9fa9da400a7e379984eab01ec85bfd29014b85766c587d206a327ec40bc
- SSDEEP
  
  384:dJ4yLFLjlyW/XExNnu6kYgeb63t8jjXVqfa8wWZdPuJrrHtldszaxfc/fMAKk:/NLjlJCuvY363t8PsS8ju1dszaRiMAKk
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm