Overview

overview

10

Static

static

1

f43fead415...18.iso

windows7-x64

3

f43fead415...18.iso

windows10-2004-x64

3

W091.js

windows7-x64

10

W091.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f43fead415dba5687e256d5672837750_JaffaCakes118

  • Size

    74KB

  • Sample

    241215-qxndesxmfr

  • MD5

    f43fead415dba5687e256d5672837750

  • SHA1

    15d2d02ceb41cb1ccae25a81643d81a35ec94756

  • SHA256

    b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64

  • SHA512

    3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c

  • SSDEEP

    192:aNzTGqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJ:IOqUVfBPwhUGK/665GSNvL/yTvSJ

Score
10/10
vjw0rmexecutionpersistencetrojanworm

Malware Config

Targets

    • Target

      f43fead415dba5687e256d5672837750_JaffaCakes118

    • Size

      74KB

    • MD5

      f43fead415dba5687e256d5672837750

    • SHA1

      15d2d02ceb41cb1ccae25a81643d81a35ec94756

    • SHA256

      b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64

    • SHA512

      3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c

    • SSDEEP

      192:aNzTGqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJ:IOqUVfBPwhUGK/665GSNvL/yTvSJ

    Score
    3/10
    behavioral1behavioral2

    • Target

      W091.js

    • Size

      12KB

    • MD5

      173fd53dae86a5a6b7c4af3e08c06539

    • SHA1

      601f17247f330e78776eaa58fbd6fa1a3fbdf9f8

    • SHA256

      c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7

    • SHA512

      a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc

    • SSDEEP

      192:eqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJy:eqUVfBPwhUGK/665GSNvL/yTvSJy

    Score
    10/10
    vjw0rmexecutionpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Vjw0rm family

      vjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.