vjw0rm | 18e730c58a9d2c93e49fa190c3443891e8015f680985a84e7e811790bee24965 | Triage

Sharing

General

Target

f6edd0eac50f2a0efd32bff77c3af7c7_JaffaCakes118
Size

903KB
Sample

240925-1r76razcnp
MD5

f6edd0eac50f2a0efd32bff77c3af7c7
SHA1

4776b641c07d6320b5657e3e14dfaec2c3ef120a
SHA256

18e730c58a9d2c93e49fa190c3443891e8015f680985a84e7e811790bee24965
SHA512

889cc71cd5de0eca2cab5d83aade9734807d30c237dcbbea26e24ea6d2c6cb4c40ce3c501c4ab3084ca16b256c12fff05b6193e53df55198c9bf418b546aa73b
SSDEEP

24576:tAHnh+eWsN3skA4RV1Hom2KXMmHa8TmwHV5:Mh+ZkldoPK8Ya8TmU

Score

10^/10

vjw0rm discovery execution trojan worm

Malware Config

Targets

- Target
  
  f6edd0eac50f2a0efd32bff77c3af7c7_JaffaCakes118
- Size
  
  903KB
- MD5
  
  f6edd0eac50f2a0efd32bff77c3af7c7
- SHA1
  
  4776b641c07d6320b5657e3e14dfaec2c3ef120a
- SHA256
  
  18e730c58a9d2c93e49fa190c3443891e8015f680985a84e7e811790bee24965
- SHA512
  
  889cc71cd5de0eca2cab5d83aade9734807d30c237dcbbea26e24ea6d2c6cb4c40ce3c501c4ab3084ca16b256c12fff05b6193e53df55198c9bf418b546aa73b
- SSDEEP
  
  24576:tAHnh+eWsN3skA4RV1Hom2KXMmHa8TmwHV5:Mh+ZkldoPK8Ya8TmU
Score

10^/10

vjw0rm discovery execution trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmdiscoveryexecutiontrojanworm

behavioral2

vjw0rmdiscoveryexecutiontrojanworm