vjw0rm | b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704 | Triage

Sharing

General

Target

PaymentReceipt_345.js
Size

27KB
Sample

210118-fka9p7xvqx
MD5

498ecc30f8856e7c6a509fbc73b86df6
SHA1

4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8
SHA256

b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704
SHA512

e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  PaymentReceipt_345.js
- Size
  
  27KB
- MD5
  
  498ecc30f8856e7c6a509fbc73b86df6
- SHA1
  
  4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8
- SHA256
  
  b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704
- SHA512
  
  e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm