vjw0rm | a174433a80690c315a52012c68ca86c3b03683ff6fd8420a261146d747ba93fb | Triage

Sharing

General

Target

Jsreceipt0193617_pdf.zip
Size

300KB
Sample

230628-yj51baah37
MD5

b3f848fe0250349da6b62939ac0b848e
SHA1

9b15a7ca6b7832c48f028de394bfd0c796bc560a
SHA256

a174433a80690c315a52012c68ca86c3b03683ff6fd8420a261146d747ba93fb
SHA512

c5e46ca54d198a6287769078130b266d21c72efb7a1ca8c9d69ed1be8613619c6e5cc1436665151b1ad86a5533bbd7546060728de4393b783066302cc41717cd
SSDEEP

48:9R5FxZ2g3p6bIsgSSwuLctYJfz7jJmxKJcRwd50e0QAxaVFFFFFFFFFFFFFFFFFg:5FOq6bIsgZjLck/JmxjepXk

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://jsnew9400.duckdns.org:9400

Targets

- Target
  
  Jsreceipt0193617_pdf.js
- Size
  
  300.0MB
- MD5
  
  7108c34a9356846f77c1e827b412ff1a
- SHA1
  
  6d2fffdb1f4bb4d4d6c718591b5a23f5991dfcec
- SHA256
  
  ef0bad7386e17039dc9a15a4dc29f46c8c6db9ccdfd8ca75b6970969dbce7402
- SHA512
  
  e24cada2a7016f22203f70fbcf3a3062d661902a80ccad10d3be54c534df29102f18ec5b3485881f98f8f52abf92a9292c59d56497ab6e97f1572042510f6adf
- SSDEEP
  
  192:mZVhrK1X92Z2ZW3oGDZDE8k324K/5gJx/I8Dg:wV81cSEWzZM
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm