vjw0rm | 2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f | Triage

Sharing

General

Target

PaymentReceipt.js
Size

28KB
Sample

210117-hh6jad1qbe
MD5

b199269852088f41919025ee636a8f6d
SHA1

3b0262420bf7a33d4265415e9245c4fa21f5398f
SHA256

2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f
SHA512

477f79c85277576ecf87153fe86fe8eb31c81a2982e84b68f5dd4d190446b20961cebca6dbd082661c8c50d14e157ec44acfab60efe3556d0691ec1e2faa7da0

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  PaymentReceipt.js
- Size
  
  28KB
- MD5
  
  b199269852088f41919025ee636a8f6d
- SHA1
  
  3b0262420bf7a33d4265415e9245c4fa21f5398f
- SHA256
  
  2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f
- SHA512
  
  477f79c85277576ecf87153fe86fe8eb31c81a2982e84b68f5dd4d190446b20961cebca6dbd082661c8c50d14e157ec44acfab60efe3556d0691ec1e2faa7da0
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm