vjw0rm | 156b59073a696c468476a8c2cf68208fbf6a44efa46a7d908414fdef4ba46a79 | Triage

Sharing

General

Target

Order3208.js
Size

29KB
Sample

211203-pabknsbdh2
MD5

27a5d58d71b7828b41107a4633322834
SHA1

3acc210b5ad56e6965df478312663bb0e9b17565
SHA256

156b59073a696c468476a8c2cf68208fbf6a44efa46a7d908414fdef4ba46a79
SHA512

ebb6732024ae3823e418b6c16567d0f10b8aa422a135bd4de0452632334b410016c55f33444cd38a92663bd431784d9566a1b8f1ebde158f004646156036a168

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://dwal-vesj.duckdns.org:6322

Targets

- Target
  
  Order3208.js
- Size
  
  29KB
- MD5
  
  27a5d58d71b7828b41107a4633322834
- SHA1
  
  3acc210b5ad56e6965df478312663bb0e9b17565
- SHA256
  
  156b59073a696c468476a8c2cf68208fbf6a44efa46a7d908414fdef4ba46a79
- SHA512
  
  ebb6732024ae3823e418b6c16567d0f10b8aa422a135bd4de0452632334b410016c55f33444cd38a92663bd431784d9566a1b8f1ebde158f004646156036a168
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm