vjw0rm | 2d265907c009ffc0c17b656f7dd30e3c585dcbdb0b64553cf0b799cb85855b3f | Triage

Sharing

General

Target

RevisedInvoice.js
Size

31KB
Sample

210902-brp24kjp12
MD5

ede4c686609d86a917d4db9087bcee77
SHA1

a89d800a5b70e2660484ff875b198082ef307147
SHA256

2d265907c009ffc0c17b656f7dd30e3c585dcbdb0b64553cf0b799cb85855b3f
SHA512

e67562c9581c779fc2dabcc2571b9ae3923009d33174826458d5d986bf33b4d0fc7f9125255c519b97461d8105c1e38ee36656eac5aa2c404e3c9a2dd41bc365

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  RevisedInvoice.js
- Size
  
  31KB
- MD5
  
  ede4c686609d86a917d4db9087bcee77
- SHA1
  
  a89d800a5b70e2660484ff875b198082ef307147
- SHA256
  
  2d265907c009ffc0c17b656f7dd30e3c585dcbdb0b64553cf0b799cb85855b3f
- SHA512
  
  e67562c9581c779fc2dabcc2571b9ae3923009d33174826458d5d986bf33b4d0fc7f9125255c519b97461d8105c1e38ee36656eac5aa2c404e3c9a2dd41bc365
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vjw0rmpersistencetrojanworm