Overview

overview

10

Static

static

0aa2dd1f59...d95.js

windows7_x64

10

0aa2dd1f59...d95.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0aa2dd1f59a1d55cd5021244c1d7383cadbef5363c22718a4d9e47610af30d95.js

  • Size

    6KB

  • Sample

    210802-kyrph51a1n

  • MD5

    da985273a6ca8dfb6a17ff26956a2e71

  • SHA1

    cda0aff65ed3c91b4788f2f7216831cb1ed563ac

  • SHA256

    0aa2dd1f59a1d55cd5021244c1d7383cadbef5363c22718a4d9e47610af30d95

  • SHA512

    e0220201e4e60f7b3b88d6908f4c00cadf8c2fdc6dedaa895ac95b4dbee3de8525b020366840d01701a4719f13e4b0a9b4fbcc9e899e8b5d2e278b265e1993bf

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      0aa2dd1f59a1d55cd5021244c1d7383cadbef5363c22718a4d9e47610af30d95.js

    • Size

      6KB

    • MD5

      da985273a6ca8dfb6a17ff26956a2e71

    • SHA1

      cda0aff65ed3c91b4788f2f7216831cb1ed563ac

    • SHA256

      0aa2dd1f59a1d55cd5021244c1d7383cadbef5363c22718a4d9e47610af30d95

    • SHA512

      e0220201e4e60f7b3b88d6908f4c00cadf8c2fdc6dedaa895ac95b4dbee3de8525b020366840d01701a4719f13e4b0a9b4fbcc9e899e8b5d2e278b265e1993bf

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks