General
Target: 571f2aa265afa032ccb936292b1f7a9c_JaffaCakes118
Size: 3KB
Sample: 241018-nbe4tawfmp
MD5: 571f2aa265afa032ccb936292b1f7a9c
SHA1: ee4a088da9a24cdab6acf5722e073770e6844f01
SHA256: 3f3019756abd91f3321ce5a667903bb7e8dfb92431b4cbee6252e53a3975ed50
SHA512: b08ea48a9e2740522a8a305d915d824db3de3d8ecb342be3581a1554eef2c82a3c6a8c2fdad0c63d07beecbd6a4d2156fdbf74115abb50bce85d0828ba5bd326
Static task: static1
Behavioral task: behavioral1
Sample: Bonkypay.js
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: Bonkypay.js
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Bonkypay.js
Size: 39KB
MD5: 56ca23b7f83cc1d74eb783ff1848b5a5
SHA1: fd67a259ecd29886d77c0afb90a66bd8ec22b567
SHA256: 3aa78c393df682a0c837cd7727ede3adfa3082e27cb636f27feb43845db32ded
SHA512: 1ae103708708215e35899cc4d93cce9f13476e71344217caeb7021be062dc0bd09520a9e6089643535a72bbefb816d41c4ebc3265ba72a4de6a273ed958f2296
SSDEEP: 768:BAPRfvT+ydvBoRjbSYcSqaqAg0ruV3i8Zg/SizIY6gFLxKrywg1SYcSqUHa/pAM8:Bw4zj
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)