vjw0rm | b6f728eff35bdc68e244a1925e4461293d9dcdbf18b4cd1a5706cb0d54e26106 | Triage

Sharing

General

Target

5731508598505472.zip
Size

40KB
Sample

211223-e23hcshffq
MD5

1ec90fe7d181386205db6a2c64312224
SHA1

f6b6da56033e22a34e30d13cfba8228228dc0048
SHA256

b6f728eff35bdc68e244a1925e4461293d9dcdbf18b4cd1a5706cb0d54e26106
SHA512

7e531ca54214b13585e8cbe61d52d62a483693f1e7637035700f754576e2b05111cff2fe231b76124f4b18f732d0cc595b3b06c96d7a94f509a97f7fcbe48bff

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://spdxx.ddns.net:5050

Targets

- Target
  
  04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6
- Size
  
  124KB
- MD5
  
  18765c6b1a20d6d90603230bca72c903
- SHA1
  
  874af995240ebd57aef18e00fcaa0f0f43583b85
- SHA256
  
  04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6
- SHA512
  
  3c58a98356b3b051797477d1e10cf2f469bed924d97edcd411b98c92436d4e3b4b91e650a0828583092ead6abd755bfdd641b95b4e0ed4e0e9ed75656ab0a5d5
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm