vjw0rm | dca9742380d4dfe4f501f1f24e3b856113be1be99a1548e27117cc67bd997fb9 | Triage

Sharing

General

Target

Our New Order Jul 28 2021 at 2.80PVV440PDF.j.js
Size

16KB
Sample

210728-xmgfwtjh82
MD5

e1fe4fbc351e87183a531bc2263a4d24
SHA1

cca28f37cd27838f83848bd719c5881da1063af7
SHA256

dca9742380d4dfe4f501f1f24e3b856113be1be99a1548e27117cc67bd997fb9
SHA512

5ec3eb28207223cca9c18f667a4ed90b077f21ba1e07c7adf54c69549e178a3131c28dce5ff6a54cdf25952fccfe5466cb9fb87bab4e97dd6246441d7a70dc6e

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Our New Order Jul 28 2021 at 2.80PVV440PDF.j.js
- Size
  
  16KB
- MD5
  
  e1fe4fbc351e87183a531bc2263a4d24
- SHA1
  
  cca28f37cd27838f83848bd719c5881da1063af7
- SHA256
  
  dca9742380d4dfe4f501f1f24e3b856113be1be99a1548e27117cc67bd997fb9
- SHA512
  
  5ec3eb28207223cca9c18f667a4ed90b077f21ba1e07c7adf54c69549e178a3131c28dce5ff6a54cdf25952fccfe5466cb9fb87bab4e97dd6246441d7a70dc6e
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm