vjw0rm | 322f0e2a6258571f970fba4d63520695a1ad0809ee2fa511ecc9b1b75744f0cd | Triage

Sharing

General

Target

april.js.js
Size

7KB
Sample

240430-nvbwhabd81
MD5

80f51d08ca4bfe113f107cbddee325a7
SHA1

46bb94527f89b625d5a128279c14d34b6a97bba4
SHA256

322f0e2a6258571f970fba4d63520695a1ad0809ee2fa511ecc9b1b75744f0cd
SHA512

23b112582cc951c4c659e6c9053d1d7f27c6f829ee57cbd0a33669ea53827a83eea5327426a419cc8fc8ed659b6e248258f7af56c62341a34ef33b7cd193307c
SSDEEP

192:yhelBslelLSiw7lKRt1VPEZk5ERpRvK8R/FTr4wV:ygvswJSE9PB2fvdhr4wV

Score

10^/10

vjw0rm trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://aprijs7250.duckdns.org:7250

Targets

- Target
  
  april.js.js
- Size
  
  7KB
- MD5
  
  80f51d08ca4bfe113f107cbddee325a7
- SHA1
  
  46bb94527f89b625d5a128279c14d34b6a97bba4
- SHA256
  
  322f0e2a6258571f970fba4d63520695a1ad0809ee2fa511ecc9b1b75744f0cd
- SHA512
  
  23b112582cc951c4c659e6c9053d1d7f27c6f829ee57cbd0a33669ea53827a83eea5327426a419cc8fc8ed659b6e248258f7af56c62341a34ef33b7cd193307c
- SSDEEP
  
  192:yhelBslelLSiw7lKRt1VPEZk5ERpRvK8R/FTr4wV:ygvswJSE9PB2fvdhr4wV
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm