vjw0rm | 860cae2ca6d44d8d9a34df314e7b3f1a64116f2ebe6279ed160fc2f0d7ebea95 | Triage

Submit
Reports

Overview

overview

Static

static

SYSWOW64.ps1

windows7_x64

7

SYSWOW64.ps1

windows10-2004_x64

Sharing

General

Target

SYSWOW64.PS1
Size

3KB
Sample

220622-vs5jcsceg6
MD5

0866c5b72df63add6f9884806682308a
SHA1

6b157db9a413b8e7d7c33b8b4a5713cdbf6f4dea
SHA256

860cae2ca6d44d8d9a34df314e7b3f1a64116f2ebe6279ed160fc2f0d7ebea95
SHA512

bc865a758fa7790e346a7ebb19cd3a3871f7aa16b88b80116bad0846d88104203f81bfd4bf73c46b1d770950c6ff0b48475e313277d51171c42227fe3128b82b

Score

10^/10

vjw0rm trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

SYSWOW64.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SYSWOW64.ps1

Resource

win10v2004-20220414-en

vjw0rm trojan worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

vjw0rm

C2

http://rick63.publicvm.com:1849

Targets

- Target
  
  SYSWOW64.PS1
- Size
  
  3KB
- MD5
  
  0866c5b72df63add6f9884806682308a
- SHA1
  
  6b157db9a413b8e7d7c33b8b4a5713cdbf6f4dea
- SHA256
  
  860cae2ca6d44d8d9a34df314e7b3f1a64116f2ebe6279ed160fc2f0d7ebea95
- SHA512
  
  bc865a758fa7790e346a7ebb19cd3a3871f7aa16b88b80116bad0846d88104203f81bfd4bf73c46b1d770950c6ff0b48475e313277d51171c42227fe3128b82b
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

vjw0rmtrojanworm

© 2018-2024

Terms | Privacy