vjw0rm | 9195a973bdb10571cfbeed43a341b4ed19e2d8e281147a7aaaf53debaa72d448 | Triage

Sharing

General

Target

Historial de multas vencidas.js
Size

23KB
Sample

220406-qp3hdadbe6
MD5

8a39e82cb51d121c09e257308c889717
SHA1

8842e3c5818d8bda0e434544757e2613d534effd
SHA256

9195a973bdb10571cfbeed43a341b4ed19e2d8e281147a7aaaf53debaa72d448
SHA512

90689e61b20bd6fbadeec64a1c0131dfa690a7fd4478260008779e043100391e4276c7fa0e328c6d94583023952d45f165a8a8afcd123c58929b601494789302

Score

10^/10

vjw0rm trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://antgobec.duckdns.org:7971

Targets

- Target
  
  Historial de multas vencidas.js
- Size
  
  23KB
- MD5
  
  8a39e82cb51d121c09e257308c889717
- SHA1
  
  8842e3c5818d8bda0e434544757e2613d534effd
- SHA256
  
  9195a973bdb10571cfbeed43a341b4ed19e2d8e281147a7aaaf53debaa72d448
- SHA512
  
  90689e61b20bd6fbadeec64a1c0131dfa690a7fd4478260008779e043100391e4276c7fa0e328c6d94583023952d45f165a8a8afcd123c58929b601494789302
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm