General
-
Target
f09ea4cb206a6520f888d9d380bcc1fa_JaffaCakes118
-
Size
4KB
-
Sample
240921-z1eecstfle
-
MD5
f09ea4cb206a6520f888d9d380bcc1fa
-
SHA1
5dd7210ef96999e0eb9e10e6ed473b7d5a5aa41b
-
SHA256
73484c34ca7516e9da574b6abc0226184d600eb4fdfd84114819b182fa355a1d
-
SHA512
a35dbdaba49a2740708cb5a1490778411d62c52e38e4cffdd5055ad1dd02638fbcd373fca8ea649f1f81aa841fe9ae0cbc90bd6159ea4ffba20826cd7e81a410
-
SSDEEP
96:9Y4OfJwKCl/LEmSpJdus7Pe9p4G9rNIN63NIDuL563YuwH0EcNUiA/YIhNC2MY3f:9YbfJi/LyxjDe9PQNvuNvuwRcTYNJMYP
Static task
static1
Behavioral task
behavioral1
Sample
f09ea4cb206a6520f888d9d380bcc1fa_JaffaCakes118.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f09ea4cb206a6520f888d9d380bcc1fa_JaffaCakes118.js
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
f09ea4cb206a6520f888d9d380bcc1fa_JaffaCakes118
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter: JavaScript
  Scheduled Task/Job: Scheduled Task
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
  Scheduled Task/Job: Scheduled Task