vjw0rm | cffb071d85ac7db9a68460e0128f0b14544c8186a7edc5da07de1e82068049ba | Triage

Sharing

General

Target

cffb071d85ac7db9a68460e0128f0b14544c8186a7edc5da07de1e82068049ba
Size

67KB
Sample

220521-xaqnlaeehq
MD5

0ada3a5e5a1c79b8c5f62097063f39ed
SHA1

806fcb782e7129ebd60aca7f40d3d5ec0d55e9e3
SHA256

cffb071d85ac7db9a68460e0128f0b14544c8186a7edc5da07de1e82068049ba
SHA512

d53d88215729bbb5cd4f7f3415a1564046f232820baf8b3aba0ed29345cb6ca13c1b23e9c75c874ee2f4738e77aaba9c133d3f17db0a0bd44fb7986be09b3950

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  cffb071d85ac7db9a68460e0128f0b14544c8186a7edc5da07de1e82068049ba
- Size
  
  67KB
- MD5
  
  0ada3a5e5a1c79b8c5f62097063f39ed
- SHA1
  
  806fcb782e7129ebd60aca7f40d3d5ec0d55e9e3
- SHA256
  
  cffb071d85ac7db9a68460e0128f0b14544c8186a7edc5da07de1e82068049ba
- SHA512
  
  d53d88215729bbb5cd4f7f3415a1564046f232820baf8b3aba0ed29345cb6ca13c1b23e9c75c874ee2f4738e77aaba9c133d3f17db0a0bd44fb7986be09b3950
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm