General
-
Target
e25cebe6ff7949f6702de3064f3ff08e_JaffaCakes118
-
Size
1.0MB
-
Sample
240915-nfskps1djh
-
MD5
e25cebe6ff7949f6702de3064f3ff08e
-
SHA1
667e807e55d32930021617115b9b64c741693f95
-
SHA256
3be1a84dcfb3df26e4e13f9c14cd25c953e9c2dfb57e6c45cf6518191e12994f
-
SHA512
1c5d6015153b9fec26a6191f7885b51a6686582fcf1ded0534725427eeeace3cbbf7cc624fefc6f747cb6a3230b8b0f74f0ae13c627eec04e275e048fef525e9
-
SSDEEP
24576:PceRmmvdxN/CeZX3UmVKkqc1YgXm7Xqh2YGB5EtvSOvUirDDJXsc2YufDBAumzN:PfRmmvLN6el3U/c1Yg6QbGktvSOsIpcq
Static task
static1
Behavioral task
behavioral1
Sample
spreadsheet.js
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
spreadsheet.js
-
Size
1.7MB
-
MD5
cc5e5d9b621a56663eb34f4eeddf6e80
-
SHA1
299ec27392d7b8e6cb8baf5e8bc869e923b93cc3
-
SHA256
1087d3963b9e8782b8830941e590779a06bf7f31c847a15a7d0abe5b00c4befa
-
SHA512
083c77f31b9d4d8fa8d9118335e828a7af4d3ea2cadd4085671645c02ec238373f56461d29f0a43f45815aa33255a6a19aa0d81a5f56be794caf2cc6a11e5422
-
SSDEEP
24576:NCjlq3mSrMaJ5L276C04RfG5l0mNRuCEsCBCO+fIJSte6vThexf4yaoJuYMM:hd2GhANGIppN5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: 1
JavaScript: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1