vjw0rm | f494422ec0931062c6fd39171b0363299073cb78b18209b11fe36f1c3065f8d6 | Triage

Resubmissions

09-01-2025 16:47

250109-vang5avlcx 10

09-01-2025 10:36

250109-mm9xwszlap 10

Sharing

General

Target

sus.js
Size

5KB
Sample

250109-vang5avlcx
MD5

5ffa64bc687da9b568eaaca857db1a1f
SHA1

5593dcbaee25124b49a9bd76a491c53cefb54acb
SHA256

f494422ec0931062c6fd39171b0363299073cb78b18209b11fe36f1c3065f8d6
SHA512

5ec4704d2da3c221d8dcf4df7adb2845e1ccafce689d33141c3bbd8bd702355e71fc91e9e5b5c2f763c6b76c05f33c401004d085608147dd720da31db834399a
SSDEEP

96:SABNo5DRk2c24ZRMHXE6/BI0w+Ys+fJrDdQqR7bJyKIROS4Uu/ingHXRZfzYMe/d:zSa2c24ZRMlBI0TYs+fJXfRfNJingHXm

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  sus.js
- Size
  
  5KB
- MD5
  
  5ffa64bc687da9b568eaaca857db1a1f
- SHA1
  
  5593dcbaee25124b49a9bd76a491c53cefb54acb
- SHA256
  
  f494422ec0931062c6fd39171b0363299073cb78b18209b11fe36f1c3065f8d6
- SHA512
  
  5ec4704d2da3c221d8dcf4df7adb2845e1ccafce689d33141c3bbd8bd702355e71fc91e9e5b5c2f763c6b76c05f33c401004d085608147dd720da31db834399a
- SSDEEP
  
  96:SABNo5DRk2c24ZRMHXE6/BI0w+Ys+fJrDdQqR7bJyKIROS4Uu/ingHXRZfzYMe/d:zSa2c24ZRMlBI0TYs+fJXfRfNJingHXm
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmexecutionpersistencetrojanworm