vjw0rm | d6b19a4522d42fc22a9f6872fa48203c7c64ebcc769157e372d390c1c96ed746 | Triage

Sharing

General

Target

js-decoded-2.js
Size

3KB
Sample

211208-tk11jagcd2
MD5

ba117b8642f2381e72d02038c640beca
SHA1

a9634ae1c4448cbf61a238c988ee5ca8e9b5c849
SHA256

d6b19a4522d42fc22a9f6872fa48203c7c64ebcc769157e372d390c1c96ed746
SHA512

64207d114ab1127b266c539003848bb3a5ab556cf3d0871ce282490e1f09aa302a3c26533bd16a86f966023133d4edd01d0b1c21344fb5f4a35dda09f49aad28

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  js-decoded-2.js
- Size
  
  3KB
- MD5
  
  ba117b8642f2381e72d02038c640beca
- SHA1
  
  a9634ae1c4448cbf61a238c988ee5ca8e9b5c849
- SHA256
  
  d6b19a4522d42fc22a9f6872fa48203c7c64ebcc769157e372d390c1c96ed746
- SHA512
  
  64207d114ab1127b266c539003848bb3a5ab556cf3d0871ce282490e1f09aa302a3c26533bd16a86f966023133d4edd01d0b1c21344fb5f4a35dda09f49aad28
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm