General
-
Target
7f9a9040806cc846490809f2c2fe749e_JaffaCakes118
-
Size
60KB
-
Sample
240801-hzb46sseqc
-
MD5
7f9a9040806cc846490809f2c2fe749e
-
SHA1
22ff082eb71e71911c88a981f15b28ce618cfc3b
-
SHA256
e27a1c2e9575ba9b96d09ba2e8d784d933aff564dffecd214dc6da94be0b974e
-
SHA512
72db7271c8cfed8fd3a675e4603a02ed4a00dd8a7590285279e4b5ac18ae06675a053003a12ccf1a30c3f441f3485b681153068fa5e41a266204079c99151a05
-
SSDEEP
192:W7jehcd5fDAoK080FF9A9kgT9LOdbnDftvZAlhD783:ECA
Malware Config
Targets
-
-
Target
7f9a9040806cc846490809f2c2fe749e_JaffaCakes118
-
Size
60KB
-
MD5
7f9a9040806cc846490809f2c2fe749e
-
SHA1
22ff082eb71e71911c88a981f15b28ce618cfc3b
-
SHA256
e27a1c2e9575ba9b96d09ba2e8d784d933aff564dffecd214dc6da94be0b974e
-
SHA512
72db7271c8cfed8fd3a675e4603a02ed4a00dd8a7590285279e4b5ac18ae06675a053003a12ccf1a30c3f441f3485b681153068fa5e41a266204079c99151a05
-
SSDEEP
192:W7jehcd5fDAoK080FF9A9kgT9LOdbnDftvZAlhD783:ECA
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1