vjw0rm | 66037239aa96e722f20864b8a140576e3c592cafe2d9a6067b3ff349ea851792 | Triage

Sharing

General

Target

JaffaCakes118_66037239aa96e722f20864b8a140576e3c592cafe2d9a6067b3ff349ea851792
Size

74KB
Sample

241230-e33vhsyjbx
MD5

56f3d5b3cfe778258257aca98b973e91
SHA1

b0a6e1937ed6e21842c7759a3cd19979eab63c63
SHA256

66037239aa96e722f20864b8a140576e3c592cafe2d9a6067b3ff349ea851792
SHA512

1d70cf6b2d109367dcf7279ba8d60dbb9bb032a5e5230bac7926f46b71c1a462097590bada7685df3b6f9a9a014a25d6de35052f0a9e178a8a6c37af122dbdfc
SSDEEP

384:se4Np85FCpanpunSDi5WMsdoujUpoo5SU2Vc65Xvvt6:sNNW/2s8j5W/5sooE3VH5Xvvt6

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  JaffaCakes118_66037239aa96e722f20864b8a140576e3c592cafe2d9a6067b3ff349ea851792
- Size
  
  74KB
- MD5
  
  56f3d5b3cfe778258257aca98b973e91
- SHA1
  
  b0a6e1937ed6e21842c7759a3cd19979eab63c63
- SHA256
  
  66037239aa96e722f20864b8a140576e3c592cafe2d9a6067b3ff349ea851792
- SHA512
  
  1d70cf6b2d109367dcf7279ba8d60dbb9bb032a5e5230bac7926f46b71c1a462097590bada7685df3b6f9a9a014a25d6de35052f0a9e178a8a6c37af122dbdfc
- SSDEEP
  
  384:se4Np85FCpanpunSDi5WMsdoujUpoo5SU2Vc65Xvvt6:sNNW/2s8j5W/5sooE3VH5Xvvt6
Score

3^/10
behavioral1 behavioral2
- Target
  
  #WPNMD903WEBNSM.js
- Size
  
  13KB
- MD5
  
  76afb4e74dd9305a478e9a436086c393
- SHA1
  
  fd233c3e245894c8ea473a394b4363a0616f423b
- SHA256
  
  cbf943d583ce8bf8229df4072ed28f1598c1212b45f3bc3a2132e17a72957f02
- SHA512
  
  6189972dc375bbccb80e2770492b8ca04320430bd2087a5716d40725d991a9d6a4095a6f9fee5edd9aaf6490195aa9cb66fcb411b54b2fe40bb5ea9274e5b0b7
- SSDEEP
  
  384:v4Np85FCpanpunSDi5WMsdoujUpoo5SU2Vc65Xvvt6h:QNW/2s8j5W/5sooE3VH5Xvvt6h
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

vjw0rmexecutionpersistencetrojanworm

behavioral4

vjw0rmexecutionpersistencetrojanworm