General

  • Target

    2bf8b80d12f72c06d8566797f1829d70_JaffaCakes118

  • Size

    224KB

  • Sample

    240329-y5sbcahf75

  • MD5

    2bf8b80d12f72c06d8566797f1829d70

  • SHA1

    37d029aad8531adeeea53cd3a549390c3a913627

  • SHA256

    81b6fe197e9493963fd3e66ebae93ee92f586bd9bd8fa275e3ea0e0723975dd2

  • SHA512

    7579eed96a37747a8b97791b83f1efd410f19d52be0e00a62165ba8c437842c03af63f47fe34a220daaddaa7d0bf42122820da3b16c850e31b49996c2ff0086c

  • SSDEEP

    3072:q8aQs4BSCpikIp8PwzjdIC0fyEixcHw2m45UpXMhv8XWaOKHmv1z0oo0KXDDlxG3:qTDOHnSP9IRfypSsX500oHKXXG+PZMx

Malware Config

Targets

    • Target

      2bf8b80d12f72c06d8566797f1829d70_JaffaCakes118

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks