vjw0rm | 147c6f6119d64b4bbb5f2ff00d0d0883f63a6bfe53e382453d977190ddf7a02f | Triage

Sharing

General

Target

JaffaCakes118_147c6f6119d64b4bbb5f2ff00d0d0883f63a6bfe53e382453d977190ddf7a02f
Size

3KB
Sample

241225-g9c9jszncx
MD5

aeba1a9feea92d25bfd71b293af63b66
SHA1

9b82068b60c03554e964e436d473d88266f267f9
SHA256

147c6f6119d64b4bbb5f2ff00d0d0883f63a6bfe53e382453d977190ddf7a02f
SHA512

d2d7964c3791ec1b699dda9a0926f6cc71621633c85411e335a18c2e46fb99c928ab01e5c9bef292ee284c6d90908930e0ff5366e4b2cafbe11df1830245c0d6

Score

10^/10

vjw0rm execution persistence trojan worm

Malware Config

Targets

- Target
  
  aTQVxeggsb.js
- Size
  
  8KB
- MD5
  
  4640bf09b44ca4571713b1ecb5178f44
- SHA1
  
  99abf89b86d719c9a91af0872f6325862a620fbf
- SHA256
  
  f3f74f1914f4d54063e864afe9c93b28a3ac77bf4aa6306e42c0cedd894fc004
- SHA512
  
  3b17a47f3bd6bceb57357610f93de1490436bb346c3ac62d1a5bef2d62b6148671aa1bd83e20da33576284a838f7459b205bd87e54d29b04fdf94e24bb371436
- SSDEEP
  
  192:tm3vmw3VYxb0MTkLRg9JqdDYGfABD/cx6ZxInudf3e:tm3uw3mxbaOJqnfAlC6Xdf3e
Score

10^/10

vjw0rm execution persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmexecutionpersistencetrojanworm

behavioral2

vjw0rmexecutionpersistencetrojanworm