Overview

overview

10

Static

static

1

8547af690a...118.js

windows7-x64

10

8547af690a...118.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8547af690a9b533d6acd08360f5b18d5_JaffaCakes118

  • Size

    45KB

  • Sample

    240402-ggte3aaa3t

  • MD5

    8547af690a9b533d6acd08360f5b18d5

  • SHA1

    fe393629e5df70bcfef741a70432af6c6a528b27

  • SHA256

    e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a

  • SHA512

    7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d

  • SSDEEP

    768:klrw9II2LrCko3oHRirCWiUG+Odm4aS/pLF8NQEJUP:klK1MrCP3oHRirWUG+OdOqv8NQEJS

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      8547af690a9b533d6acd08360f5b18d5_JaffaCakes118

    • Size

      45KB

    • MD5

      8547af690a9b533d6acd08360f5b18d5

    • SHA1

      fe393629e5df70bcfef741a70432af6c6a528b27

    • SHA256

      e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a

    • SHA512

      7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d

    • SSDEEP

      768:klrw9II2LrCko3oHRirCWiUG+Odm4aS/pLF8NQEJUP:klK1MrCP3oHRirWUG+OdOqv8NQEJS

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks