General

  • Target: 9ac62ea26d916b7ed53e7afeb181fe5c_JaffaCakes118
  • Size: 7KB
  • Sample: 240403-ad7pyshg84
  • MD5: 9ac62ea26d916b7ed53e7afeb181fe5c
  • SHA1: 2085e5d746839a8e68220594804a5d67aa5634b7
  • SHA256: 43ef5813821769bf44ecc1036275ccd12c04901914bd0b64e967f736579ee0f2
  • SHA512: f247f5dedf1929258b2b448e048b948256345bee10951b240b0c99385d5b4c277a062fd407aeece4df0011cc3baf3a0cc2923ca0f06609535a7242e08469ac16
  • SSDEEP: 192:hKqy4tIObH0xy+3VWYG1tc6h76aVG5MzHGS:hKYbH0xy+3VW11tc696aVSMzHGS

Malware Config

Targets

    • Target: G47C4A2M39G.js
    • Size: 81KB
    • MD5: 74229d35e52cb89fa859f397a55cf590
    • SHA1: dea9ff00836eb970524a2ea0ae20b24990b918ad
    • SHA256: 875e7fd7d02db4e381cd7facd6ab1f6b5e643e12ecf76bfccdf431ef6169a448
    • SHA512: 22f25fca1ff5325586be6e9c854fbc32b103f502a5d003f3c5fe0ef9739da0f6dcb931c5ecc6f51e1008c092b726d35545ff575e9ea0d21ccb88b70a55af27fc
    • SSDEEP: 192:/jTKDrSsWruBc3N19erDL1ow9yQ9y9JkLE6+61Wsz+fr+5inP7TvsC+U6OEsO+oU:rTvPi/vmw4R/4K/Ktg
    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Drops startup file
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks