vjw0rm | c8d6095c008408ed115d8f6e047fe8339358944e23ac151ec6aecb4aeaacd201 | Triage

Sharing

General

Target

#RSWM0226.js
Size

6KB
Sample

210924-se329shce5
MD5

6ab95b5b92a0d2a536fa209c40a19219
SHA1

a87a2902cb2606b8fc2f99f7ae4e1f5461a87c59
SHA256

c8d6095c008408ed115d8f6e047fe8339358944e23ac151ec6aecb4aeaacd201
SHA512

d5a737555d9e9956c5fdb374133b00372aba27c9215351919f111f58abcc20e2c5f9739ff0954cd79436905f74442bacc6feb39854670635ed5796932591faf4

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  #RSWM0226.js
- Size
  
  6KB
- MD5
  
  6ab95b5b92a0d2a536fa209c40a19219
- SHA1
  
  a87a2902cb2606b8fc2f99f7ae4e1f5461a87c59
- SHA256
  
  c8d6095c008408ed115d8f6e047fe8339358944e23ac151ec6aecb4aeaacd201
- SHA512
  
  d5a737555d9e9956c5fdb374133b00372aba27c9215351919f111f58abcc20e2c5f9739ff0954cd79436905f74442bacc6feb39854670635ed5796932591faf4
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm