vjw0rm | bdb89a48813d653020c80002b9993bf9e499200860f7158b4d252daa12cbb1db | Triage

Sharing

General

Target

Invoice Payment_PDF.js
Size

5KB
Sample

231103-fvxtzace5x
MD5

cb4d973520751a756027af396ef263fb
SHA1

c6d0ac4edf12a65eedbbe387d8add54a7c0798ae
SHA256

bdb89a48813d653020c80002b9993bf9e499200860f7158b4d252daa12cbb1db
SHA512

2ac46c69347e7c093c6fd7044cbf543193afaac790626410db98d0ec1020ff39e4b0eab0d3070380c0e4d5409547ef5530b035970e29cbbbef97b098f58fb9e7
SSDEEP

96:SABNo5Dyk2c24ZRMHXE6/BIL+Ys+fJ/nDdQqR7bJyKUxvUu/ingHXRZfzYMe/jFT:zSz2c24ZRMlBIaYs+fJ7fRfWingHXRZe

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://172.245.244.118:7070

Targets

- Target
  
  Invoice Payment_PDF.js
- Size
  
  5KB
- MD5
  
  cb4d973520751a756027af396ef263fb
- SHA1
  
  c6d0ac4edf12a65eedbbe387d8add54a7c0798ae
- SHA256
  
  bdb89a48813d653020c80002b9993bf9e499200860f7158b4d252daa12cbb1db
- SHA512
  
  2ac46c69347e7c093c6fd7044cbf543193afaac790626410db98d0ec1020ff39e4b0eab0d3070380c0e4d5409547ef5530b035970e29cbbbef97b098f58fb9e7
- SSDEEP
  
  96:SABNo5Dyk2c24ZRMHXE6/BIL+Ys+fJ/nDdQqR7bJyKUxvUu/ingHXRZfzYMe/jFT:zSz2c24ZRMlBIaYs+fJ7fRfWingHXRZe
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm