General
-
Target
f43fead415dba5687e256d5672837750_JaffaCakes118
-
Size
74KB
-
Sample
241215-qxndesxmfr
-
MD5
f43fead415dba5687e256d5672837750
-
SHA1
15d2d02ceb41cb1ccae25a81643d81a35ec94756
-
SHA256
b4f807b7920de8cc93fa57c5b9a26126e5750bc65b87b5f68b8d77ecf31e7d64
-
SHA512
3e842ce54a0534f51bce9fde679fa1a798bbdc32f79fe81ac20753ffdce6d84956444df34e69fcbc5863f079433d2cfe998e3c51be3a6419ba3aec0f3968f48c
-
SSDEEP
192:aNzTGqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJ:IOqUVfBPwhUGK/665GSNvL/yTvSJ
Static task
static1
Behavioral task
behavioral1
Sample
f43fead415dba5687e256d5672837750_JaffaCakes118.iso
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
f43fead415dba5687e256d5672837750_JaffaCakes118.iso
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
W091.js
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
W091.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
f43fead415dba5687e256d5672837750_JaffaCakes118
-
Score
3/10
-
-
Target
W091.js
-
Size
12KB
-
MD5
173fd53dae86a5a6b7c4af3e08c06539
-
SHA1
601f17247f330e78776eaa58fbd6fa1a3fbdf9f8
-
SHA256
c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7
-
SHA512
a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc
-
SSDEEP
192:eqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJy:eqUVfBPwhUGK/665GSNvL/yTvSJy
Score
10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)