vjw0rm | 01d054cd2603ce870238d359b7e99b57cca29067fd8b085f2ba7da6945f53e89 | Triage

Sharing

General

Target

d2e1a1514060fc9eeedb26f298acb69d
Size

6KB
Sample

231220-sjwhzseff6
MD5

d2e1a1514060fc9eeedb26f298acb69d
SHA1

dc7feea84379ed080716130ca2f52cfe9e3b02ca
SHA256

01d054cd2603ce870238d359b7e99b57cca29067fd8b085f2ba7da6945f53e89
SHA512

960803ae1fc8417c705be6442961bf10225c7d7af9d9184c54552a82a960863d19e66b84294a9246cc79146dd8fc228f8b943e9b19ed81087f5ce25bfc976dcd
SSDEEP

192:gdbmbQBUJCVl3ugnnWAka/BRMKpUXdRqZk8I73WyDEUXi6:KS+bz3uQWAksMIZAWPCX

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  d2e1a1514060fc9eeedb26f298acb69d
- Size
  
  6KB
- MD5
  
  d2e1a1514060fc9eeedb26f298acb69d
- SHA1
  
  dc7feea84379ed080716130ca2f52cfe9e3b02ca
- SHA256
  
  01d054cd2603ce870238d359b7e99b57cca29067fd8b085f2ba7da6945f53e89
- SHA512
  
  960803ae1fc8417c705be6442961bf10225c7d7af9d9184c54552a82a960863d19e66b84294a9246cc79146dd8fc228f8b943e9b19ed81087f5ce25bfc976dcd
- SSDEEP
  
  192:gdbmbQBUJCVl3ugnnWAka/BRMKpUXdRqZk8I73WyDEUXi6:KS+bz3uQWAksMIZAWPCX
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm