vjw0rm | f16c66e9093e8357697dee345f91ae04cb930c14bdb416c688cbbbaa957f61b9 | Triage

Sharing

General

Target

run.vbs
Size

2KB
Sample

250124-xhz71aspav
MD5

fe141a7870cdfc98d359c8f0f9bf160f
SHA1

d32577b8ba6d761c4ca0c03ebeb0e46799d92090
SHA256

f16c66e9093e8357697dee345f91ae04cb930c14bdb416c688cbbbaa957f61b9
SHA512

7f13c9ceeaa368bacbe9e91cfd848bfda1811a24a05533d45bea5cf8165c0ce4e9fc47107c1fe4d876ba0c8fe187b9c7b97419d0adbe9a2a4caaae49eb79b65b

Score

10^/10

vjw0rm trojan worm

Malware Config

Extracted

Family

vjw0rm

C2

http://185.208.156.153:6656

Targets

- Target
  
  run.vbs
- Size
  
  2KB
- MD5
  
  fe141a7870cdfc98d359c8f0f9bf160f
- SHA1
  
  d32577b8ba6d761c4ca0c03ebeb0e46799d92090
- SHA256
  
  f16c66e9093e8357697dee345f91ae04cb930c14bdb416c688cbbbaa957f61b9
- SHA512
  
  7f13c9ceeaa368bacbe9e91cfd848bfda1811a24a05533d45bea5cf8165c0ce4e9fc47107c1fe4d876ba0c8fe187b9c7b97419d0adbe9a2a4caaae49eb79b65b
Score

10^/10

vjw0rm trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmtrojanworm

behavioral2

vjw0rmtrojanworm