vjw0rm | 86177bfcebdc7ae4a3d049399710ff6272f8289160c068465d729e7cff80f4c7 | Triage

Sharing

General

Target

yyUgEcLmud.js
Size

10KB
Sample

210901-2tcalzmywj
MD5

65363d0ea259acee31709e3e7a45cab8
SHA1

10143fc1636eb68c01f5fd6b39244dbd393c66e9
SHA256

86177bfcebdc7ae4a3d049399710ff6272f8289160c068465d729e7cff80f4c7
SHA512

6eb5e93b6a6be0e0c9aecbb4f356e188c41a475a926ef1de5329bfbb80509ab4dbbafd219027ea42e89ae4d355740277820a5e20c0dae5cb27d00e2f00ee070f

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  yyUgEcLmud.js
- Size
  
  10KB
- MD5
  
  65363d0ea259acee31709e3e7a45cab8
- SHA1
  
  10143fc1636eb68c01f5fd6b39244dbd393c66e9
- SHA256
  
  86177bfcebdc7ae4a3d049399710ff6272f8289160c068465d729e7cff80f4c7
- SHA512
  
  6eb5e93b6a6be0e0c9aecbb4f356e188c41a475a926ef1de5329bfbb80509ab4dbbafd219027ea42e89ae4d355740277820a5e20c0dae5cb27d00e2f00ee070f
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm