vjw0rm | 75f7fbc1c24b068d9c68c30a57ee25fb9c52c68438e64789d5b6d857c04d476a | Triage

Sharing

General

Target

75f7fbc1c24b068d9c68c30a57ee25fb9c52c68438e64789d5b6d857c04d476a
Size

1.2MB
Sample

240219-xvganabb7v
MD5

7cddae8c509af7b00b4cb7ebcfa7e84d
SHA1

c44b05917bd210586bdf306b4e405f0f7b3d294f
SHA256

75f7fbc1c24b068d9c68c30a57ee25fb9c52c68438e64789d5b6d857c04d476a
SHA512

283336d55d5b9c3f66cf63cdb0cf9fe09057a8dfcd6b8ac18c536496e983ff8aaacf6f3c35d4a15cbe8f54ac89656c56f443b49f96b66f3672bf44663fa6f94c
SSDEEP

192:odvLEfvBkYZVhDrLlriXcCnTBw5BdnldCrNHo:kTEfJtVp1U

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Targets

- Target
  
  54676885.js
- Size
  
  6KB
- MD5
  
  edd277e7a04ec062c49bafdb7d8b07af
- SHA1
  
  1ff9c18bacf61a830f4f7001c5e19f8868ceb6b8
- SHA256
  
  9b647c40e98c2de028ce703d6b5558b6a9a9d75a59c7cdd81d78e71aea0c25d7
- SHA512
  
  fe118202237beae08ed786fa6905c418e18c9b27a40083911ebe77bd23c7584124eb5ff4422a0b9f9d49f7dbc7a618b2a30cefc938cdbcb36cc30d6b711778af
- SSDEEP
  
  96:FnYZH1uypXd3HofJBslCFGJc9lBdqlr+bXcCnTBw5BdeCldb+rNeUo0:BYZVhDrLlriXcCnTBw5BdnldCrNHo0
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm