vjw0rm | dff140d494fb80e82a23e29b374abc733ed9b62525fdca0341fdbb121290dca6 | Triage

Sharing

General

Target

MtBJlv_GM.js
Size

26KB
Sample

210830-drqlzfr3ya
MD5

e9a08df4b85e99b01a9c145e9af3964d
SHA1

e498d70a9b568d7a66d661c91e9ed2db52d442df
SHA256

dff140d494fb80e82a23e29b374abc733ed9b62525fdca0341fdbb121290dca6
SHA512

a2e2bfc777e80770444554866fc29df5ce307974bc842de43d40ab1b536d0be1398eff97ba2d6bc73c59966b86570ebc3c4ce85d1f6430c2a32c4110b2e73283

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  MtBJlv_GM.js
- Size
  
  26KB
- MD5
  
  e9a08df4b85e99b01a9c145e9af3964d
- SHA1
  
  e498d70a9b568d7a66d661c91e9ed2db52d442df
- SHA256
  
  dff140d494fb80e82a23e29b374abc733ed9b62525fdca0341fdbb121290dca6
- SHA512
  
  a2e2bfc777e80770444554866fc29df5ce307974bc842de43d40ab1b536d0be1398eff97ba2d6bc73c59966b86570ebc3c4ce85d1f6430c2a32c4110b2e73283
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm