vjw0rm | 99f6b66f5673e49df93e22b158d96f655c2620e7963c43712491357aef2ad4bb | Triage

Sharing

General

Target

cb4d973520751a756027af396ef263fb.bin
Size

2KB
Sample

231023-l79xysff7y
MD5

d40c20166efa501550353f935a2b21f5
SHA1

67e7d1152369a390569a1a57c11d4da577d3c7fb
SHA256

99f6b66f5673e49df93e22b158d96f655c2620e7963c43712491357aef2ad4bb
SHA512

86fc11fdca25b1c2b508e0db92c9bb4e63d06b08c4fde0c89ca3546207b4801ac05cc531947ca0271f5ab31044fdb769d4c05d4955109a2c8e0765f04a3dbfe1

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://172.245.244.118:7070

Targets

- Target
  
  bdb89a48813d653020c80002b9993bf9e499200860f7158b4d252daa12cbb1db.js
- Size
  
  5KB
- MD5
  
  cb4d973520751a756027af396ef263fb
- SHA1
  
  c6d0ac4edf12a65eedbbe387d8add54a7c0798ae
- SHA256
  
  bdb89a48813d653020c80002b9993bf9e499200860f7158b4d252daa12cbb1db
- SHA512
  
  2ac46c69347e7c093c6fd7044cbf543193afaac790626410db98d0ec1020ff39e4b0eab0d3070380c0e4d5409547ef5530b035970e29cbbbef97b098f58fb9e7
- SSDEEP
  
  96:SABNo5Dyk2c24ZRMHXE6/BIL+Ys+fJ/nDdQqR7bJyKUxvUu/ingHXRZfzYMe/jFT:zSz2c24ZRMlBIaYs+fJ7fRfWingHXRZe
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm