General
-
Target
8f11e325ac4400823e67e258fc1a4ed9_JaffaCakes118
-
Size
12KB
-
Sample
241104-eps36atble
-
MD5
8f11e325ac4400823e67e258fc1a4ed9
-
SHA1
f37a67d9bc24dcdb3b77b6b488330d04b656929a
-
SHA256
64a7d06b9738cead068c2fb63c961fd22ebb4c78d36a7416f6f8c47cca10163b
-
SHA512
c51afd4082cc2e70520be6e1a480fb5bd5be9886848aae7347eaae121bb2bc65e56b4f37cb388b8fc063d9398ff55701684f7436faaeaae5d4aee6833411474a
-
SSDEEP
192:ey7guLpP0B6FSmV5k0p3QuGGhRuW2ZoWHzheY1bb7Iq7Lz4j/PKdENr1wr4VJmUj:e+g/B6FV5FQtGhcW8R99h3L4jHq2r1f7
Malware Config
Targets
-
-
Target
8f11e325ac4400823e67e258fc1a4ed9_JaffaCakes118
-
Size
12KB
-
MD5
8f11e325ac4400823e67e258fc1a4ed9
-
SHA1
f37a67d9bc24dcdb3b77b6b488330d04b656929a
-
SHA256
64a7d06b9738cead068c2fb63c961fd22ebb4c78d36a7416f6f8c47cca10163b
-
SHA512
c51afd4082cc2e70520be6e1a480fb5bd5be9886848aae7347eaae121bb2bc65e56b4f37cb388b8fc063d9398ff55701684f7436faaeaae5d4aee6833411474a
-
SSDEEP
192:ey7guLpP0B6FSmV5k0p3QuGGhRuW2ZoWHzheY1bb7Iq7Lz4j/PKdENr1wr4VJmUj:e+g/B6FV5FQtGhcW8R99h3L4jHq2r1f7
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1