vjw0rm | 55ed437a25c188f85bb04ebcfcfc68ce6e4739b98c8a5e62b4e4b6921d70713e | Triage

Sharing

General

Target

ReceiptCopy.tar
Size

27KB
Sample

210226-7yk5cyx6px
MD5

e98fbfab10452901a85b6a1f75ab5068
SHA1

483f52d20950ebcb396e976327b7d47ee09d9893
SHA256

55ed437a25c188f85bb04ebcfcfc68ce6e4739b98c8a5e62b4e4b6921d70713e
SHA512

2847d7ee83e148af19109bea15bf5fa763b6e218fe977a839c729232c60b5f192e38dcb60762c46c62cdada968dc752c991f9903b5e3ff79f04f1cad988d5377

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  ReceiptCopy.js
- Size
  
  25KB
- MD5
  
  ea0364f70362a4980db75ec2daf47dd7
- SHA1
  
  3d8816bf7bb284811f39cb8334b8a98b7ceccc40
- SHA256
  
  b96407d5400aada01adfb86753604efa9e291a0b30d96f90d5897a1596947f4b
- SHA512
  
  af121da57ca5cc200ad5a3d216f95e4fa0d11257c6d4d1951978ed8f12e7991e133e8e5aca65cd0ef2fdcdce04d67bcaee082c905d6c809246d2bfed2b1628cf
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vjw0rmtrojanworm