vjw0rm | b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64 | Triage

Sharing

General

Target

W091.iso
Size

74KB
Sample

210814-eepcva2asa
MD5

f43fead415dba5687e256d5672837750
SHA1

15d2d02ceb41cb1ccae25a81643d81a35ec94756
SHA256

b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64
SHA512

3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  W091.js
- Size
  
  12KB
- MD5
  
  173fd53dae86a5a6b7c4af3e08c06539
- SHA1
  
  601f17247f330e78776eaa58fbd6fa1a3fbdf9f8
- SHA256
  
  c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7
- SHA512
  
  a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm