General

  • Target

    81a0010758bb3da2796a7506bfd4aab3_JaffaCakes118

  • Size

    22KB

  • Sample

    240402-ddgejsee8x

  • MD5

    81a0010758bb3da2796a7506bfd4aab3

  • SHA1

    ffc61c27e1a58878878e7b2b44c97ec23c0e09d2

  • SHA256

    3f82447c548d6d623ddc3f9965363df07f52cdf8eda955c55332196ee409e4c6

  • SHA512

    9521ed85e7a83eb890f706add3da9c29d29bd5c5b4a535541df9eb4072f4944fff34643289955ddf37be16f3cf815a8f77392cc656c0bb85506211ec28680779

  • SSDEEP

    384:hPm3uw3AWOAAc5zdEXinFZpPVGfIwwOLPkOxvNVivyJ0h/D5He8hfB31rFa3N7D:h+lwW7xJZptGfLPlvNe5HeaBfa97D

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks