vjw0rm | 06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5 | Triage

Sharing

General

Target

Shipping_Details.js
Size

9.2MB
Sample

250211-hg2bcaypdn
MD5

c72d738747f68d4f8d9e9368e47928bf
SHA1

00b523b2e3ab0f2bfd7d4aabf3b1c33ae390c585
SHA256

06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5
SHA512

1a01baa0c813b928cf5dfe456f76acdcf9be0e0df8a6131e248f9aa5456c65a69cb9809efe56afc4db32cfeeb93ca42e3319f1e53689ba4ed23b77911b802c61
SSDEEP

3072:gNK8RjR/R8x/xqm2O1IrWa7Mjv/GnOv3GmPLjCKKIz9vs2J96i/OBDVOdz83Pm7+:I

Score

10^/10

vjw0rm discovery execution trojan worm

Malware Config

Targets

- Target
  
  Shipping_Details.js
- Size
  
  9.2MB
- MD5
  
  c72d738747f68d4f8d9e9368e47928bf
- SHA1
  
  00b523b2e3ab0f2bfd7d4aabf3b1c33ae390c585
- SHA256
  
  06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5
- SHA512
  
  1a01baa0c813b928cf5dfe456f76acdcf9be0e0df8a6131e248f9aa5456c65a69cb9809efe56afc4db32cfeeb93ca42e3319f1e53689ba4ed23b77911b802c61
- SSDEEP
  
  3072:gNK8RjR/R8x/xqm2O1IrWa7Mjv/GnOv3GmPLjCKKIz9vs2J96i/OBDVOdz83Pm7+:I
Score

10^/10

vjw0rm discovery execution trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmdiscoveryexecutiontrojanworm

behavioral2

vjw0rmdiscoveryexecutiontrojanworm