General

  • Target

    b6cf7c7e5ace510f175a4bf7a0110cdf_JaffaCakes118

  • Size

    2KB

  • Sample

    240617-fb13aayfjq

  • MD5

    b6cf7c7e5ace510f175a4bf7a0110cdf

  • SHA1

    96e8a5e94f15e0337934dc049d584441370cf84e

  • SHA256

    67cc5bf1069e52991c6e15ec0265b5432a5cb1a7bb525bc034f73090646a6d52

  • SHA512

    adadd29667fbe0873545d2b0ee9345fe8df603eb00ea0b3d975333dfe2adf248c8bbee0472637b8342cbbccbde197279815eb99f160971a103c2e063b67dbf92

Malware Config

Extracted

Family

vjw0rm

C2

http://postventa-vodafone.duckdns.org:5000

Targets

    • Target

      Order_2944208.p.js

    • Size

      25KB

    • MD5

      8f0dc2fb0c0a66b14c00caba6d701cba

    • SHA1

      6e1181dcad0d5fdb2397c728b9da259195949332

    • SHA256

      a3c7ed48ab07e2a757b8fa6fe61a4f56cf18193cf651dcdbc85f4c710546c347

    • SHA512

      0af9a3213360db5a33a6a5129e973edfd0af450609e67cfc6835f7f202c49baed2d8f3c1560a879760579aebc852f5ca0658095ba3f40254a82f868deb5dbed9

    • SSDEEP

      768:UAP5fvT+ydvBoRjbSYcSqaqAg0ruV3i8Zg/SizIY6gFOKrywg1SYcSqUHipAMFng:U74zT

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks