vjw0rm | 7f2fb0a3a6b84705ed3440f3a284b947c57d97ee21dafd6e0ce8e691dabc1628 | Triage

Sharing

General

Target

87165304PaymentInvoiceReceipt.js
Size

81KB
Sample

211206-eeg8xagag7
MD5

dc3a4c8f39d6969e83d6bf43e207bd56
SHA1

3c5731d3ed4f8bb7ddc400c1f53d61ed6f191f4e
SHA256

7f2fb0a3a6b84705ed3440f3a284b947c57d97ee21dafd6e0ce8e691dabc1628
SHA512

7464f5f8668e5fe3d1855a7306d2074486b53e1d56ae274be7db5c1fc802039854d5e6188f9152f5fcbc54c5383ba7dd30e4755cbce9766a0b51945b660033fa

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://3000js.duckdns.org:3000

Targets

- Target
  
  87165304PaymentInvoiceReceipt.js
- Size
  
  81KB
- MD5
  
  dc3a4c8f39d6969e83d6bf43e207bd56
- SHA1
  
  3c5731d3ed4f8bb7ddc400c1f53d61ed6f191f4e
- SHA256
  
  7f2fb0a3a6b84705ed3440f3a284b947c57d97ee21dafd6e0ce8e691dabc1628
- SHA512
  
  7464f5f8668e5fe3d1855a7306d2074486b53e1d56ae274be7db5c1fc802039854d5e6188f9152f5fcbc54c5383ba7dd30e4755cbce9766a0b51945b660033fa
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm