General

  • Target: 212acdc5097e172ddc1531102a637bc6_JaffaCakes118

  • Size: 13KB

  • Sample: 240507-vwr3fafh9w

  • MD5: 212acdc5097e172ddc1531102a637bc6

  • SHA1: 28625faed720043275d5fd1428ee28b9a6e20b31

  • SHA256: b1ac0a1c5deb56c3668b79edcbbdba248ce5d8ff798e6f18f64626f5ba3427a7

  • SHA512: fe2596dd58dc8220a9044ac0c7cd821e78f8385d78d023861a0e88fc1b32c830ce1007e5f1e512b9c081b9a4f0beb917648652a3c821edc96269d04579675ac2

  • SSDEEP: 384:BDTTmkJy7oBNlrHECimzI0CP4kthbbrBY8MJP9jxCdk:9TVbBNlzTlM9gkthbvBY/Gk

Malware Config

Targets

    • Target: Pending - AWB 8020072326.js

    • Size: 25KB

    • MD5: 1826cdc5e33da035d66fb04375289ccd

    • SHA1: 42cd583dd99548c2a1408b3fc3056ac9247f914d

    • SHA256: ccdd1042d5bb499047575474d90ea911629261381b5992e91cc57e9d07eb0b1e

    • SHA512: a7c72283ca79a1e7f0dddcf72906be40309fb4800c9ba911ef8f7e4921cc0ff25a903a7c5e97337ac27297632284cecc0422d993b191356485e9fec78251d2b6

    • SSDEEP: 384:pwL0wdDK1BaBjzWWxcJqoMXvW2aE2uLULwHHYBmRipLw5I5PvHTHXJ1JHSvVDD4k:inKzgePLwn78AI5PjJsVDD4f7dOpO+

    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
