vjw0rm | 04794d83a3b53d9d2267376f061e61b970545ca95a7d0d5f863f5f08d2a8484e | Triage

Sharing

General

Target

njmyettnik
Size

1.7MB
Sample

240425-k7v85ahd28
MD5

54c3af244b903c34bc75114d6c646a7c
SHA1

ab8361b65b43961d09f26bf9e30ecda857d63038
SHA256

04794d83a3b53d9d2267376f061e61b970545ca95a7d0d5f863f5f08d2a8484e
SHA512

faf6e88481e052a2a3b0814a250746b0dd36ba41b7cf766a5308535c5f6ae0042447a769737bce0b0ef0542631bdd8d5381712f9f9622100867620b49cbbe8d6
SSDEEP

24576:PcX5jU8K3wU/qkyvKTmTWRTJ2OSy1LJx2DJpp6UY8X9UogttxldmtdAMPkIJxe3L:Px7tZHfY7AHk+

Score

10^/10

vjw0rm discovery persistence trojan worm

Malware Config

Targets

- Target
  
  njmyettnik
- Size
  
  1.7MB
- MD5
  
  54c3af244b903c34bc75114d6c646a7c
- SHA1
  
  ab8361b65b43961d09f26bf9e30ecda857d63038
- SHA256
  
  04794d83a3b53d9d2267376f061e61b970545ca95a7d0d5f863f5f08d2a8484e
- SHA512
  
  faf6e88481e052a2a3b0814a250746b0dd36ba41b7cf766a5308535c5f6ae0042447a769737bce0b0ef0542631bdd8d5381712f9f9622100867620b49cbbe8d6
- SSDEEP
  
  24576:PcX5jU8K3wU/qkyvKTmTWRTJ2OSy1LJx2DJpp6UY8X9UogttxldmtdAMPkIJxe3L:Px7tZHfY7AHk+
Score

10^/10

vjw0rm persistence trojan worm discovery
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmdiscoverypersistencetrojanworm