vjw0rm | ca4f5e21e40cebc6dcc711b89aa8ec71815bf8eea358768c037fde6dea26bc11 | Triage

Sharing

General

Target

JaffaCakes118_ca4f5e21e40cebc6dcc711b89aa8ec71815bf8eea358768c037fde6dea26bc11
Size

13KB
Sample

241222-d2zwssskal
MD5

ae7f0fbb06732ca9cea1fd875ec20cbb
SHA1

ab7e2da380f745377e930acf8430d84c32be7f05
SHA256

ca4f5e21e40cebc6dcc711b89aa8ec71815bf8eea358768c037fde6dea26bc11
SHA512

b3ac1fd44d8945bfbfb1c379f7b017624b666e65e56b253dea197e019edd41bfbc534e0b0358a54a7ed3c7691441101a56da5cb558f27e648c7f7497d724ff7a
SSDEEP

384:k2h+u5BbA8EuimUqHJKkYeszvRsIXfwf/:kC+obAVuixqokY5vFof/

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  f9ab5d8e6203bb615b809013ebf72b9a5cb6fc34aafcbba273cd38e561ef5eb2
- Size
  
  86KB
- MD5
  
  e70297cec555e96a3982fd80dcefcceb
- SHA1
  
  a7004501eb5cdc8014ba3e9c2cdcea98ae4329e2
- SHA256
  
  f9ab5d8e6203bb615b809013ebf72b9a5cb6fc34aafcbba273cd38e561ef5eb2
- SHA512
  
  728de99f11b0c738d14b9c3c535c2dabea497a4ba3a15a93928a8dcde776a60c7a39b1f6815c37f08696fd1afe1d7c73cd96775920b1c89469cafa7affcd7524
- SSDEEP
  
  768:YYEX5g9CYn496EkDLGdE743tUdXlfW1E0tAw7GYdT:PY6w9XUgE749UtlfW1E0tAw7GY1
Score

3^/10
behavioral1 behavioral2
- Target
  
  FedEx Shipment.js
- Size
  
  25KB
- MD5
  
  b5eec680d7588b496a4aa50223bc9714
- SHA1
  
  99cc3d44d5c78a39867f72b98a0fb1235b4bcd24
- SHA256
  
  259834c6e97251fc59c520e4f0591983cf6b1f414703e0c71b37482f7aea8509
- SHA512
  
  9c4218eb3f641fe02e8f4003b4fce928ef10d1d996ec0575bb4d823ca190e2f2b2d2a3cbc3678cdd2b94bfdc2c3d31aa97b144c47f7fcbcaaf0d682441bf74ac
- SSDEEP
  
  768:qEX5g9CYn496EkDLGdE743tUdXlfW1E0tAw7GYdTv:qY6w9XUgE749UtlfW1E0tAw7GY1v
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

vjw0rmexecutionpersistencetrojanworm

behavioral4

vjw0rmexecutionpersistencetrojanworm