vjw0rm | feba41fa23a73bb4435af1d106f8708c407cab64cb02427ff188d7758879cc4b | Triage

Sharing

General

Target

8479772dd8315eb3d9fe1c56592059bba27af48469c41ecfefab5f236d41e5f9.bin.sample.gz
Size

5KB
Sample

230918-rlcyzshg7s
MD5

2c1a4ccda964471955a561c33f4b0f7c
SHA1

353ba4effc33533390d4577b3b8b40a112850db3
SHA256

feba41fa23a73bb4435af1d106f8708c407cab64cb02427ff188d7758879cc4b
SHA512

8ddcaae80196e69eef70a61bcdca6a189042c7700a13feb97d7608425c9cc4106c3d930c1fda2007ba53c604f4005cf27b4054c555d5dd8d984e7a50848b3d09
SSDEEP

96:hl033BID7JsYXPxJI4g1tLwmqXFyhyiGT0HyasUzGAeLNiFmc0Jf2uvNIr:hy33k7JsYXETAr1yhm0SPqfeLNisJffa

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  sample
- Size
  
  28KB
- MD5
  
  b0568396b4ae8ac7ae6a8ceffae96bda
- SHA1
  
  02618eb78c56b57c39467bf329cecced2dc94279
- SHA256
  
  8479772dd8315eb3d9fe1c56592059bba27af48469c41ecfefab5f236d41e5f9
- SHA512
  
  831028a4fc7f2d47b4117835e3ba64cca79eb6ec90112e67da4d0ad3dad21e9652c6905fd77a6f3e5e99495bb2b8a5b1be8a0548bf116e07c8c6a11ddb778e78
- SSDEEP
  
  192:t7kI+DpAeNhiZfSZOMS1drwOfv1AZp4Xrit8p7Xj7V4h14nwq4SGaMaCh43yLqW6:t7kIcpAeNhiBTrdtCeJWCPDl
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm