vjw0rm | bdd8a1389c36a9be565f526e3c590b4c4eabbc946b8d25d6791e334aa090ffed | Triage

Sharing

General

Target

wynwormi (1).js
Size

6KB
Sample

221020-md1ymahec2
MD5

c02658d3892d92f451f860901be1ff6e
SHA1

68364e2a981abc87db70afd28c9b70d83c4f25fb
SHA256

bdd8a1389c36a9be565f526e3c590b4c4eabbc946b8d25d6791e334aa090ffed
SHA512

87373410957f63273f21d867d5572119912cadf0f0114bfe2b840fa5eaf7b209f4f38b3032c65a7f031e3cdf93e0ce02017809c6c7e213620f44b474dce98f97
SSDEEP

192:zkiLVbdiHOTZ81U/MBAMzeEC1qOZow5mP8ZMjQaQq59u2PwMpSA20o3UPCv+KXr5:TIIqkosXr4+LSh9fFHvfBE

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://45.139.105.174:6605

Targets

- Target
  
  wynwormi (1).js
- Size
  
  6KB
- MD5
  
  c02658d3892d92f451f860901be1ff6e
- SHA1
  
  68364e2a981abc87db70afd28c9b70d83c4f25fb
- SHA256
  
  bdd8a1389c36a9be565f526e3c590b4c4eabbc946b8d25d6791e334aa090ffed
- SHA512
  
  87373410957f63273f21d867d5572119912cadf0f0114bfe2b840fa5eaf7b209f4f38b3032c65a7f031e3cdf93e0ce02017809c6c7e213620f44b474dce98f97
- SSDEEP
  
  192:zkiLVbdiHOTZ81U/MBAMzeEC1qOZow5mP8ZMjQaQq59u2PwMpSA20o3UPCv+KXr5:TIIqkosXr4+LSh9fFHvfBE
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm