vjw0rm | b6bdfef3e79e823946f0e9b6437d46e23144307565ce91e2a437ca1cdf468b4e | Triage

Sharing

General

Target

07257499.iso
Size

68KB
Sample

230613-n4nlnaga66
MD5

d7def9c25a02693c5890f51dd2f2e2ec
SHA1

12d2ec37991d425e21d315a3c2fa9b2f9002fbcf
SHA256

b6bdfef3e79e823946f0e9b6437d46e23144307565ce91e2a437ca1cdf468b4e
SHA512

5bde3365d14441866530e24cb7d89e14dbb14072be0974446230f6dd3ae19c5acd726ae4ed8ac387f17831277d2cac5d5da698fb2eee2078e93c918e0744063e
SSDEEP

192:kHr4D7ZVh1VsO292ZM6DLKElsAVUh8As:wuVOQGNtaV

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  Accounts_Satatement__2023-0614.js
- Size
  
  6KB
- MD5
  
  28207514dfbe2e049fa6ba1fe6fe978c
- SHA1
  
  31944447fce1bd818fcdbce1990e90590a512966
- SHA256
  
  9e30af630ba15f719d8c377e3a8a99a5c98213fd1a81f2d7895f426b53edf407
- SHA512
  
  04d1e1b6d35660b831bf945e9777ae55fa4101199be54c4b22bff01a462855e1e09994924248297ec2cf7f86a4a0be0156ff66cd7d0ad0ff028268232ecf6a7b
- SSDEEP
  
  96:2ZH1uyLoXI6PoXT2lcJc9hEOHOVSbgZ2BwuxXV8292ZrYEboyYywOLKiHe4TmOMy:2ZVh1VsO292ZM6DLKElsAVUh8AsX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm