vjw0rm | 5b390b74f05f0682957fcd9523f061ff8f3f8cdcd90ad2700a616bbfcfff7abe | Triage

Sharing

General

Target

747a2b7215df1da7c93365f7c2624dda_JaffaCakes118
Size

8KB
Sample

240526-f92fpshe58
MD5

747a2b7215df1da7c93365f7c2624dda
SHA1

d8d6e38fde57f2c0d52f90f0ea84ec46914417a5
SHA256

5b390b74f05f0682957fcd9523f061ff8f3f8cdcd90ad2700a616bbfcfff7abe
SHA512

3f2770ac3e64410f0a2c0ca446e2f6227a50c430a70fd1ad86637bd625acc58cdd1403ffaf20a705e710496563019c356eb4aeff69ea8e4f88916fd3f9b16f2d
SSDEEP

192:mmzUqHP7YmOBm3U33sM1djs1arbksfeNqwXz0Te2p:mmzRv7Ym0m23sM15szNbkdp

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  Documento-alteraao-11.03.2020.pdf.js
- Size
  
  11KB
- MD5
  
  7f7cce8ee185cce9e86e84a6d0885b57
- SHA1
  
  93337be9638d0edf6798ae01b13b5482d6b26da3
- SHA256
  
  95620589e26199d5b927ebeeb777042b9efbd2311aaea1c369bdf78a39a89943
- SHA512
  
  fa873eb30474d4fc9ebe1ef209c8f5bfed9b91712102806e4d6608f1706815dcf293780d4e09e1e1800a6d5f2de61034d7406bcfc5eeef545daa1010e6d9e9e2
- SSDEEP
  
  192:zeWaZT3p/+yzT++dMpZ7Wp66zRtuXg25EGV3ehAlL+vrBOYf+wF:6ZTZ/+yzTndMpkg6zR0QCeKUvrlvF
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmexecutionpersistencetrojanworm

behavioral2

vjw0rmexecutionpersistencetrojanworm