vjw0rm | e17f108dbdae317833c6a8771493512e0a773b5357c2535e1eba22fca1975477 | Triage

Sharing

General

Target

JaffaCakes118_e17f108dbdae317833c6a8771493512e0a773b5357c2535e1eba22fca1975477
Size

54KB
Sample

241223-syrtcatlcq
MD5

2c0b7a9afbfc632f896b2cdad4940a5c
SHA1

23361b6e70d4bd672706dbf9dbbcb6fbfb9996dd
SHA256

e17f108dbdae317833c6a8771493512e0a773b5357c2535e1eba22fca1975477
SHA512

b986621141d634dbf913ce4bf5b9a5827e0755942d64faaf91ec9d59e3ac203a9d37b1ef6bf8cc4503bd5ba23aac4117c6c8692e6edb9c750c38ab077941798b
SSDEEP

1536:jRNFVoQDIvRMAT7Mmon+hoAIfle9orMXdJ7uS5:j9VoBvxT7Mnn+2A1CMXruW

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2
- Size
  
  270KB
- MD5
  
  faa422c6ccfe96edff7000ebef7b5776
- SHA1
  
  d9d72c12edecd7218b15f1554515f79bde997f72
- SHA256
  
  d0bbf57aae4d2807dce2ec9dff881b5ece9dcd236ab9753aefafdf67cc57e9b2
- SHA512
  
  2f39df9b952074d1b10c880671896770681f1e736bf57271c5790d20afcf9cc41e7180cea3c07aa2dd60808eda85a389696f7529f50a38e374d34d5a0e782dce
- SSDEEP
  
  1536:LN9aEj6vR1VsDUkc3YYCMKvyT5uOsrBibF1iCex1B2zwybiLPqirbmuzL/2ybpzP:LN9aZqMt9umRvwZzfDU
Score

3^/10
behavioral1 behavioral2
- Target
  
  image006.png.js
- Size
  
  209KB
- MD5
  
  e6860fcf7fd568970643d88ddc7d87cd
- SHA1
  
  fef07c35b5cb90b850f920b222b7cf005c03b199
- SHA256
  
  bae95e206861f753435369c3ca6b6c4bc655bd8a6f461c150785b1899766d55b
- SHA512
  
  85d9eb5e92a593de8c170a92f1d7d67fdb5ca4bc57b0a865a4a81d626873ae316514293eb77730b0d1a11136c4696adb413f5c071a227aed9f00e048a9b18f8b
- SSDEEP
  
  1536:eN9aEj6vR1VsDUkc3YYCMKvyT5uOsrBibF1iCex1B2zwybiLPqirbmuzL/2ybpzA:eN9aZqMt9umRvwZzfDUt
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

vjw0rmexecutionpersistencetrojanworm

behavioral4

vjw0rmexecutionpersistencetrojanworm