vjw0rm | 621e2bdac8e7b01a1f6823496ecffa8aa552136dc11bfdbb88be2b44d59ede57 | Triage

Sharing

General

Target

ESDAOPMDGJW.js.zip
Size

20KB
Sample

211221-ycr5waeeb9
MD5

12acb9f596c4a7887376bb340b76da38
SHA1

1f36f98e401ecc9fcf3855b2d0c046f46a30105f
SHA256

621e2bdac8e7b01a1f6823496ecffa8aa552136dc11bfdbb88be2b44d59ede57
SHA512

85473be13f7e19f86e82ae4488d397a5afabfe0bfe19aa4c3ac2d72ac7e513baa925ac3e9d830a52154deafc913efab7d8fa930962b54e6548ee907da3e9ab69

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  ESDAOPMDGJW.js
- Size
  
  55KB
- MD5
  
  1a2ea3f42fd43a6d0133f11b1c4f3a01
- SHA1
  
  dac15bb13bf9336397405bb6d4b8499823b1bf96
- SHA256
  
  670632fdc0765b6ffb85dea661fc69f1e03ac526e19c135e0279d1656c350f93
- SHA512
  
  cbdf9180fc765d827a732bfbabd1a733d8577b3da7bd33bfc22cba614d162dd502cc21ba932fbfbf662832dd5065f2af183b8f7a774b34405de93372b6768c9c
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm