vjw0rm | 91b660e99b14d4d790953f9db3ba34d046d494624b53f53ef646fab40c64ace2 | Triage

Sharing

General

Target

Codes.txt.lnk
Size

1KB
Sample

210802-lafzgemyw2
MD5

537399896538f5897c325a350603a567
SHA1

0a2ff41a38f91f79dde2a579138396bc5e5a7378
SHA256

91b660e99b14d4d790953f9db3ba34d046d494624b53f53ef646fab40c64ace2
SHA512

fb61b629d1ba6c38164bf21a637a28dc741fe29df47ae81af0e448273b30a60504085f94ee3d31e981ca9d23ba7517a13ac4a8a4e805a13999d67bd29daec030

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://bit.ly/3j6OXnh

Targets

- Target
  
  Codes.txt.lnk
- Size
  
  1KB
- MD5
  
  537399896538f5897c325a350603a567
- SHA1
  
  0a2ff41a38f91f79dde2a579138396bc5e5a7378
- SHA256
  
  91b660e99b14d4d790953f9db3ba34d046d494624b53f53ef646fab40c64ace2
- SHA512
  
  fb61b629d1ba6c38164bf21a637a28dc741fe29df47ae81af0e448273b30a60504085f94ee3d31e981ca9d23ba7517a13ac4a8a4e805a13999d67bd29daec030
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

BITS Jobs

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

BITS Jobs

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm