vjw0rm | 585ac83dcf8a6c3138d3e2a5682142427b8cce541dda443672552a52ab28f05d | Triage

Sharing

General

Target

eVoucher#.js
Size

31KB
Sample

210920-rbkwvaghhr
MD5

214ec6b7df53b376868f51e63a1dc66e
SHA1

1395ad3250027c19fdc18d8c7702b0577228e792
SHA256

585ac83dcf8a6c3138d3e2a5682142427b8cce541dda443672552a52ab28f05d
SHA512

b8fb456d9b2fc1d204669c78a76a168f714b164b36da42791f15961149e0fd07b602f028752b8b6134938e6ea938723257d3d987939073b9235a35ddacfafda6

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  eVoucher#.js
- Size
  
  31KB
- MD5
  
  214ec6b7df53b376868f51e63a1dc66e
- SHA1
  
  1395ad3250027c19fdc18d8c7702b0577228e792
- SHA256
  
  585ac83dcf8a6c3138d3e2a5682142427b8cce541dda443672552a52ab28f05d
- SHA512
  
  b8fb456d9b2fc1d204669c78a76a168f714b164b36da42791f15961149e0fd07b602f028752b8b6134938e6ea938723257d3d987939073b9235a35ddacfafda6
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm