vjw0rm | 02a75696ab10f5203c0ef720767311d56aa63fb80a3a2191f134a944a84d421b | Triage

Sharing

General

Target

receipt_usps.js
Size

22KB
Sample

211219-ksrmdsghfl
MD5

42c752340356522cee767e5c2afe5f7c
SHA1

153c7a7151a22ae7cb895a64cdaa2ae4bcce6cd4
SHA256

02a75696ab10f5203c0ef720767311d56aa63fb80a3a2191f134a944a84d421b
SHA512

f1c72c16f667597bc39df48fbcf4c7614c8c8f31d75981e7edf9f463d88f7137b74fb44c11222eec6f32aa2e35eaf31e49ad2ef319191c943d0fde23efcc3824

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://zeegod.duckdns.org:9999

Targets

- Target
  
  receipt_usps.js
- Size
  
  22KB
- MD5
  
  42c752340356522cee767e5c2afe5f7c
- SHA1
  
  153c7a7151a22ae7cb895a64cdaa2ae4bcce6cd4
- SHA256
  
  02a75696ab10f5203c0ef720767311d56aa63fb80a3a2191f134a944a84d421b
- SHA512
  
  f1c72c16f667597bc39df48fbcf4c7614c8c8f31d75981e7edf9f463d88f7137b74fb44c11222eec6f32aa2e35eaf31e49ad2ef319191c943d0fde23efcc3824
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm