vjw0rm | e4a7c3ccf07158984d50ebb1124663776ad95d9e857fea7eef5ce87eb9bc62f3 | Triage

Sharing

General

Target

POS_1.js
Size

28KB
Sample

210911-xz2gdsefhr
MD5

e42d34f7c318c8f4444331b58517a582
SHA1

083c8fa495b38c1509a267c1a07873caf914b57b
SHA256

e4a7c3ccf07158984d50ebb1124663776ad95d9e857fea7eef5ce87eb9bc62f3
SHA512

7efa350496c915fdb703c8742bf15c99a9767c8a1f15738dc4ead64cd6d296eef26ed2eb60b34e1587ac0b3b53aa56730cfe9710f98ac8d6cf7cc65ad499d4cc

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  POS_1.js
- Size
  
  28KB
- MD5
  
  e42d34f7c318c8f4444331b58517a582
- SHA1
  
  083c8fa495b38c1509a267c1a07873caf914b57b
- SHA256
  
  e4a7c3ccf07158984d50ebb1124663776ad95d9e857fea7eef5ce87eb9bc62f3
- SHA512
  
  7efa350496c915fdb703c8742bf15c99a9767c8a1f15738dc4ead64cd6d296eef26ed2eb60b34e1587ac0b3b53aa56730cfe9710f98ac8d6cf7cc65ad499d4cc
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm