Overview

overview

10

Static

static

1

f43fead415...18.iso

windows7-x64

3

f43fead415...18.iso

windows10-2004-x64

3

W091.js

windows7-x64

10

W091.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f43fead415dba5687e256d5672837750_JaffaCakes118

  • Size

    74KB

  • Sample

    240416-y4envsdc2w

  • MD5

    f43fead415dba5687e256d5672837750

  • SHA1

    15d2d02ceb41cb1ccae25a81643d81a35ec94756

  • SHA256

    b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64

  • SHA512

    3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c

  • SSDEEP

    192:aNzTGqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJ:IOqUVfBPwhUGK/665GSNvL/yTvSJ

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      f43fead415dba5687e256d5672837750_JaffaCakes118

    • Size

      74KB

    • MD5

      f43fead415dba5687e256d5672837750

    • SHA1

      15d2d02ceb41cb1ccae25a81643d81a35ec94756

    • SHA256

      b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64

    • SHA512

      3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c

    • SSDEEP

      192:aNzTGqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJ:IOqUVfBPwhUGK/665GSNvL/yTvSJ

    Score
    3/10
    behavioral1behavioral2

    • Target

      W091.js

    • Size

      12KB

    • MD5

      173fd53dae86a5a6b7c4af3e08c06539

    • SHA1

      601f17247f330e78776eaa58fbd6fa1a3fbdf9f8

    • SHA256

      c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7

    • SHA512

      a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc

    • SSDEEP

      192:eqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJy:eqUVfBPwhUGK/665GSNvL/yTvSJy

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks