vjw0rm | 03f82590c595df2bb4247b1b9489713773fa800cacfbf38b811b35f97e9c4504 | Triage

Sharing

General

Target

SWIFT TRSF EUR2763O.PDF.js
Size

24KB
Sample

210113-wka6qxek3e
MD5

5858b1c3f3a59e6f8974138e16abbc34
SHA1

09242052cec1f1c6dc0f9a2927513962f4e2b944
SHA256

03f82590c595df2bb4247b1b9489713773fa800cacfbf38b811b35f97e9c4504
SHA512

1a3f0212ad754d5338ebdf7021ecc5d22f3e30f33cc9ef006d0a44aaffe3f4e68a8d77d5d27b2cd4d931734e7d36f92df808736c0649ac7baf19e9e99da30714

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  SWIFT TRSF EUR2763O.PDF.js
- Size
  
  24KB
- MD5
  
  5858b1c3f3a59e6f8974138e16abbc34
- SHA1
  
  09242052cec1f1c6dc0f9a2927513962f4e2b944
- SHA256
  
  03f82590c595df2bb4247b1b9489713773fa800cacfbf38b811b35f97e9c4504
- SHA512
  
  1a3f0212ad754d5338ebdf7021ecc5d22f3e30f33cc9ef006d0a44aaffe3f4e68a8d77d5d27b2cd4d931734e7d36f92df808736c0649ac7baf19e9e99da30714
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm