vjw0rm | 65a5e1335abbb080afb19e50344c99015f6c217d8d89bb5ab472f2d43b2d81ce | Triage

Sharing

General

Target

Su98361437_pdf.zip
Size

300KB
Sample

230827-pmywqshe55
MD5

6d2637d4028d2e2c3a2aaae4f907eb9e
SHA1

51da311a333198d12db1c19f51948ad685a00bf3
SHA256

65a5e1335abbb080afb19e50344c99015f6c217d8d89bb5ab472f2d43b2d81ce
SHA512

a8222f342db6c5abbc8f0b78abf08396a4d3652d66cac3ccb26fe743516cbba7d9cea67947c2323cbde02f60a7fdbc5959333fa411f5cd014054ff26ed47fa49
SSDEEP

96:RcDh7CsrfMDG+nhdfmeQbFqc88888888888888888gs:CNbgXhdjQxqx

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://sundayjs7250.duckdns.org:7250

Targets

- Target
  
  Su98361437_pdf.js
- Size
  
  300.0MB
- MD5
  
  ba45d030a5297d7f1459a5e6f4140808
- SHA1
  
  05c81e7770d4935e6ebc840835ec96e323c82450
- SHA256
  
  397d73a1d149fd40a02095fa7b78c04d1467d97c43f6295a4bbabd91fb6f6768
- SHA512
  
  07ce1f81287cfdfe45e4f03b34dbbc37c4bb45280d483421784a03c8f4d77d105e5cc6a7e0355dcd0b82e10770533001a3b226af82c3c3d02b8caf816770c4b5
- SSDEEP
  
  192:oZVhRdS232ZSLuXTqwhVScjNYkJ+cDUz8++p:qVd5uXTqw3ScZYjPANp
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm

behavioral3

vjw0rmpersistencetrojanworm