vjw0rm | 505998d8cb3f4b56a9551138bac8262da3be7813c05b932ebae7eba9dbadc938 | Triage

Sharing

General

Target

4988109_Payment_Invoice_Receipt.js
Size

81KB
Sample

211206-hjmkzagcc4
MD5

f3592ef1ba926bbbe23fd3733d65c4d9
SHA1

d38daa37f82b1da083d88cd5b4d85962b07e1589
SHA256

505998d8cb3f4b56a9551138bac8262da3be7813c05b932ebae7eba9dbadc938
SHA512

638de28505536930c4e78aa3cdfd97cd9580efbfd0bc6b534ab9f715227c563eba6b33068910766253c822c2d799e0ee650426488495274e49377b77e000c14e

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://3000js.duckdns.org:3000

Targets

- Target
  
  4988109_Payment_Invoice_Receipt.js
- Size
  
  81KB
- MD5
  
  f3592ef1ba926bbbe23fd3733d65c4d9
- SHA1
  
  d38daa37f82b1da083d88cd5b4d85962b07e1589
- SHA256
  
  505998d8cb3f4b56a9551138bac8262da3be7813c05b932ebae7eba9dbadc938
- SHA512
  
  638de28505536930c4e78aa3cdfd97cd9580efbfd0bc6b534ab9f715227c563eba6b33068910766253c822c2d799e0ee650426488495274e49377b77e000c14e
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm