vjw0rm | 9e30af630ba15f719d8c377e3a8a99a5c98213fd1a81f2d7895f426b53edf407 | Triage

Sharing

General

Target

04075799.js
Size

6KB
Sample

230614-pgc23sgf86
MD5

28207514dfbe2e049fa6ba1fe6fe978c
SHA1

31944447fce1bd818fcdbce1990e90590a512966
SHA256

9e30af630ba15f719d8c377e3a8a99a5c98213fd1a81f2d7895f426b53edf407
SHA512

04d1e1b6d35660b831bf945e9777ae55fa4101199be54c4b22bff01a462855e1e09994924248297ec2cf7f86a4a0be0156ff66cd7d0ad0ff028268232ecf6a7b
SSDEEP

96:2ZH1uyLoXI6PoXT2lcJc9hEOHOVSbgZ2BwuxXV8292ZrYEboyYywOLKiHe4TmOMy:2ZVh1VsO292ZM6DLKElsAVUh8AsX

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://corewo4romocm.duckdns.org:7971

Targets

- Target
  
  04075799.js
- Size
  
  6KB
- MD5
  
  28207514dfbe2e049fa6ba1fe6fe978c
- SHA1
  
  31944447fce1bd818fcdbce1990e90590a512966
- SHA256
  
  9e30af630ba15f719d8c377e3a8a99a5c98213fd1a81f2d7895f426b53edf407
- SHA512
  
  04d1e1b6d35660b831bf945e9777ae55fa4101199be54c4b22bff01a462855e1e09994924248297ec2cf7f86a4a0be0156ff66cd7d0ad0ff028268232ecf6a7b
- SSDEEP
  
  96:2ZH1uyLoXI6PoXT2lcJc9hEOHOVSbgZ2BwuxXV8292ZrYEboyYywOLKiHe4TmOMy:2ZVh1VsO292ZM6DLKElsAVUh8AsX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm