vjw0rm | 95a97e608bdcb900439a3ba07ffb942bba4dea464d6141204f0628bca6102460 | Triage

Sharing

General

Target

BTCOPY.js
Size

28KB
Sample

210911-jqfaxabbe8
MD5

9d724d067e3238d3352de71e94367a8e
SHA1

9045f490135900647cb469dc3505021c3ed5f020
SHA256

95a97e608bdcb900439a3ba07ffb942bba4dea464d6141204f0628bca6102460
SHA512

716891218e1faad85922235e5479f4713c54d83bc17ed9571761de9d9919817e69e2bee444d9661c025ae51fb62f482d2bbfe6161cbf7f45347ea0725b6f4c3b

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  BTCOPY.js
- Size
  
  28KB
- MD5
  
  9d724d067e3238d3352de71e94367a8e
- SHA1
  
  9045f490135900647cb469dc3505021c3ed5f020
- SHA256
  
  95a97e608bdcb900439a3ba07ffb942bba4dea464d6141204f0628bca6102460
- SHA512
  
  716891218e1faad85922235e5479f4713c54d83bc17ed9571761de9d9919817e69e2bee444d9661c025ae51fb62f482d2bbfe6161cbf7f45347ea0725b6f4c3b
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm