vjw0rm | 21c1f33b0a6d1b5ecaf03b167e8701a9e9fa4ecf8935e9437ad01cc8f944349c | Triage

Sharing

General

Target

DHL September Pickup Form for E-Shipment Retu.js
Size

31KB
Sample

210903-dhw1ssfahq
MD5

0bc390a3151f3d4524d81c4f039d2685
SHA1

89d78b77ddbfbeb17d4d1a589d93f886bdc76e80
SHA256

21c1f33b0a6d1b5ecaf03b167e8701a9e9fa4ecf8935e9437ad01cc8f944349c
SHA512

d658ed37178255fbe2b8bca0dfc34a142c11139ddef078abb241a6c3bcb8759a4a46c693c14142bffc53eed1f18f0af394489ba66dcfed25b9aacca78aae76f8

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  DHL September Pickup Form for E-Shipment Retu.js
- Size
  
  31KB
- MD5
  
  0bc390a3151f3d4524d81c4f039d2685
- SHA1
  
  89d78b77ddbfbeb17d4d1a589d93f886bdc76e80
- SHA256
  
  21c1f33b0a6d1b5ecaf03b167e8701a9e9fa4ecf8935e9437ad01cc8f944349c
- SHA512
  
  d658ed37178255fbe2b8bca0dfc34a142c11139ddef078abb241a6c3bcb8759a4a46c693c14142bffc53eed1f18f0af394489ba66dcfed25b9aacca78aae76f8
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm