Overview

overview

10

Static

static

1.js

windows7_x64

10

1.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.js

  • Size

    31KB

  • Sample

    210901-xzd8hf5han

  • MD5

    3771bb59d87a6d8e0d7e7a9846e71f1a

  • SHA1

    dc4046ac08b572ad4c155606de569456ec4335b4

  • SHA256

    91bf45557d26f24ad6224c87c80e94ee9c19094b66f67bcfb121e65c568e9632

  • SHA512

    2d70c22373e4e2ef3803acd55985ee3202ead0078bff572ddb9de06e8fed1e29ff12df61387c6afa929b74b0e4c1309cbae66effb134fdbc48b390ba50254c1e

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      1.js

    • Size

      31KB

    • MD5

      3771bb59d87a6d8e0d7e7a9846e71f1a

    • SHA1

      dc4046ac08b572ad4c155606de569456ec4335b4

    • SHA256

      91bf45557d26f24ad6224c87c80e94ee9c19094b66f67bcfb121e65c568e9632

    • SHA512

      2d70c22373e4e2ef3803acd55985ee3202ead0078bff572ddb9de06e8fed1e29ff12df61387c6afa929b74b0e4c1309cbae66effb134fdbc48b390ba50254c1e

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks