vjw0rm | 936639e100692e6dd885ceca767071ce65b0688781d4b0abd561b6cc99e1eadb | Triage

Sharing

General

Target

3b9087e336a51c6256227c4095d6b749
Size

38KB
Sample

240101-b2ejrahddq
MD5

3b9087e336a51c6256227c4095d6b749
SHA1

48c55dcb26aae4826d4bf49f2b59112565e20b5f
SHA256

936639e100692e6dd885ceca767071ce65b0688781d4b0abd561b6cc99e1eadb
SHA512

b355597660f5acd502ec8fb710f16deaf97277467476745d5c1da2677e46884077fc498a70471ff2da80a1c49a71c59a377442e69784fbec09a6788b209f1008
SSDEEP

96:XNK7tpztcROHcRb+UfL7MHU+d3e74XkDCqs00AKp07llhIx07l49Unf66NGMefYD:A7h0FixS9kgT9h

Score

10^/10

vjw0rm trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://publicvm.camdvr.org:2222

Targets

- Target
  
  3b9087e336a51c6256227c4095d6b749
- Size
  
  38KB
- MD5
  
  3b9087e336a51c6256227c4095d6b749
- SHA1
  
  48c55dcb26aae4826d4bf49f2b59112565e20b5f
- SHA256
  
  936639e100692e6dd885ceca767071ce65b0688781d4b0abd561b6cc99e1eadb
- SHA512
  
  b355597660f5acd502ec8fb710f16deaf97277467476745d5c1da2677e46884077fc498a70471ff2da80a1c49a71c59a377442e69784fbec09a6788b209f1008
- SSDEEP
  
  96:XNK7tpztcROHcRb+UfL7MHU+d3e74XkDCqs00AKp07llhIx07l49Unf66NGMefYD:A7h0FixS9kgT9h
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2