vjw0rm | 6566e970bb140ac6ecdc59a11319c7a0650dbae2c182157e7f51b9bb8502c34e | Triage

Sharing

General

Target

G62J15CB97C53V.js
Size

81KB
Sample

211014-sltgeahhh3
MD5

c5b048b21730de23dabcc6758914a2f7
SHA1

e9d5f9bee531aff20d8c8f64b70e51861b9f6b81
SHA256

6566e970bb140ac6ecdc59a11319c7a0650dbae2c182157e7f51b9bb8502c34e
SHA512

a83d03ce24643e91f40ecaeddefbc55fa2720df6e75f7422e8470caf8e3199b8d8c7783e0665a6d176ea44e1d4f7b6d415e903d7bc25fd2cab3ae4e347005975

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://6800js.duckdns.org:6800

Targets

- Target
  
  G62J15CB97C53V.js
- Size
  
  81KB
- MD5
  
  c5b048b21730de23dabcc6758914a2f7
- SHA1
  
  e9d5f9bee531aff20d8c8f64b70e51861b9f6b81
- SHA256
  
  6566e970bb140ac6ecdc59a11319c7a0650dbae2c182157e7f51b9bb8502c34e
- SHA512
  
  a83d03ce24643e91f40ecaeddefbc55fa2720df6e75f7422e8470caf8e3199b8d8c7783e0665a6d176ea44e1d4f7b6d415e903d7bc25fd2cab3ae4e347005975
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm