vjw0rm | 42cadce684f1b747fa31f2c109c2a729ca5d1baf4aed93f3c3f87fb8f7053deb | Triage

Sharing

General

Target

ORDER-21729.doc.js
Size

148KB
Sample

210729-k2gmzlgfzn
MD5

be1345c7e8039f7d3782a06a03361767
SHA1

21d422062fa6de71e94b529e67566477333df43f
SHA256

42cadce684f1b747fa31f2c109c2a729ca5d1baf4aed93f3c3f87fb8f7053deb
SHA512

54a486c8e832cedbadee557fd64f54493bf4ee7c5be2fe4f08a9c1a29f6663d1b91bddbf3038e306bf5060578617b7c6dd502f66e2444d7dc79e2da812a96da8

Score

10^/10

vjw0rm trojan worm

Malware Config

Targets

- Target
  
  ORDER-21729.doc.js
- Size
  
  148KB
- MD5
  
  be1345c7e8039f7d3782a06a03361767
- SHA1
  
  21d422062fa6de71e94b529e67566477333df43f
- SHA256
  
  42cadce684f1b747fa31f2c109c2a729ca5d1baf4aed93f3c3f87fb8f7053deb
- SHA512
  
  54a486c8e832cedbadee557fd64f54493bf4ee7c5be2fe4f08a9c1a29f6663d1b91bddbf3038e306bf5060578617b7c6dd502f66e2444d7dc79e2da812a96da8
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm