General

Target: JaffaCakes118_778352e1152d5534284fddae6556738c12657d2efc2417e2baf88ce7aca2bc0a
Size: 1.2MB
Sample: 241222-hh37bsxqfs
MD5: a180daf95fa8fde0b8ea36bfde33f8cd
SHA1: 4fa650b7f1311e3c6f587c0541e69c8a98fd30bb
SHA256: 778352e1152d5534284fddae6556738c12657d2efc2417e2baf88ce7aca2bc0a
SHA512: 79b9a8252c6576be3e3873d10bba38aa4d0ac9325586c8bc1606fd3c1bd77026d8295733f46179b75ec1ec9093906fc926095011fac3bba4353fed11a91612ab
SSDEEP: 768:A+hc043t3q+6g8zOzRO/qe7CQ0RoFDiqHoV/JH:PXr5szRO/qoaRoJi9r

Static task: static1

Behavioral task: behavioral1
  Sample: WROO1_Invoice_Copy.js
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: WROO1_Invoice_Copy.js
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: WROO2_Invoice_Copy.vbs
  Resource: win7-20240708-en

Behavioral task: behavioral4
  Sample: WROO2_Invoice_Copy.vbs
  Resource: win10v2004-20241007-en

Malware Config

Extracted
  Family: vjw0rm
  C2: http://dingspread.duckdns.org:6130

Extracted
  URL: http://52.27.15.250/A/behdhdjdj.txt

Targets

Target: WROO1_Invoice_Copy.js
Size: 17KB
MD5: d27a6555f01b023f146f6662d01070b3
SHA1: 5d8e310ca992ed1c804a6fc54d55acd7a394d46f
SHA256: c40b980e8d0447cc55bffa7c5f5af8f7dba5d3ff411edfc028836c7a631af874
SHA512: 3849e8e57b2b478f8e6dcaeb3f1376671774733600c2b1a1cc927800979b2c80e6d8b61748fbfe14b75bfb212712b833c4eddc3e89e24478984063d13c8bf4ac
SSDEEP: 384:/cTeWWL43t3q+BCjg52zOzRO/qegMtVcYFt06GohmIlDG3qHoV/JHH:/c043t3q+6g8zOzRO/qe7CQ0RoFDiqHi
Score: 10/10
- Vjw0rm family
- Blocklisted process makes network request
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Adds Run key to start application

Target: WROO2_Invoice_Copy.vbs
Size: 509B
MD5: ac62735aa02614b0c7fee7df55e0da9b
SHA1: e173edb6949226372dd3eedc47d9369b26ee5577
SHA256: 48951f6847400dd39cba2f5ba0376e08bb4b7e36a4c3567792289734758b7bf9
SHA512: 1867116e4f375b98d653617682937fdacfd0892b5f3b3246cf612bca00407829ce55d725a4e8daf712323e9408a55d31fc2a8cc5696357ce9b4bc969de6cc709
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)

MITRE ATT&CK Enterprise v15

Execution
  Command and Scripting Interpreter (T1059), 2 signatures
    JavaScript (T1059.007), 1
    PowerShell (T1059.001), 1
  Scheduled Task/Job (T1053), 1
    Scheduled Task (T1053.005), 1
Persistence
  Boot or Logon Autostart Execution (T1547), 1
    Registry Run Keys / Startup Folder (T1547.001), 1
  Scheduled Task/Job (T1053), 1
    Scheduled Task (T1053.005), 1
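The behaviours listed for both scripts (a script host running the .js/.vbs, the Run-key and Startup-folder persistence, the registry country-code lookup, and the script host reaching the extracted C2) together with the ATT&CK techniques they map to translate directly into host-telemetry detections. The Python below is an added example and is not part of the Triage report or the vjw0rm sample: it runs the report's indicators and behaviour rules over a handful of constructed, Sysmon-shaped events. The event schema, the `RegistryQuery` event type, the `Geo\Nation` value, the use of wscript/cscript as the "blocklisted" processes, and every hostname and IP other than the report's own are assumptions.

```python
import re

# Indicators taken from the report above.
IOC_SHA256 = {
    "c40b980e8d0447cc55bffa7c5f5af8f7dba5d3ff411edfc028836c7a631af874",  # WROO1_Invoice_Copy.js
    "48951f6847400dd39cba2f5ba0376e08bb4b7e36a4c3567792289734758b7bf9",  # WROO2_Invoice_Copy.vbs
}
IOC_HOSTS = {"dingspread.duckdns.org", "52.27.15.250"}  # vjw0rm C2 and the extracted URL's host

# Assumption: Windows script hosts stand in for Triage's "blocklisted process" list.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(?:js|jse|vbs|vbe|wsf)\b", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Assumption: the "country code configured in the registry" is Geo\Nation; the report does not name it.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _mentions_script(text: str) -> bool:
    return bool(SCRIPT_EXT.search(text)) or any(h in text.lower() for h in SCRIPT_HOSTS)


def classify(ev: dict) -> list[str]:
    """Return the report behaviours that one telemetry event matches (empty = nothing of note)."""
    hits = []
    kind = ev.get("EventType")
    image = _basename(ev.get("Image", ""))

    if kind == "ProcessCreate" and image in SCRIPT_HOSTS and SCRIPT_EXT.search(ev.get("CommandLine", "")):
        hits.append("Command and Scripting Interpreter: JavaScript/VBScript")
    if kind == "RegistrySet" and RUN_KEY.search(ev.get("TargetObject", "")) and _mentions_script(ev.get("Details", "")):
        hits.append("Adds Run key to start application")
    if kind == "FileCreate" and STARTUP_DIR.search(ev.get("TargetFilename", "")) and (
        image in SCRIPT_HOSTS or _mentions_script(ev.get("TargetFilename", ""))
    ):
        hits.append("Drops startup file")
    if kind == "RegistryQuery" and image in SCRIPT_HOSTS and GEO_KEY.search(ev.get("TargetObject", "")):
        hits.append("Checks computer location settings")
    if kind == "NetworkConnect":
        if image in SCRIPT_HOSTS:
            hits.append("Blocklisted process makes network request")
        if {ev.get("DestinationHostname", ""), ev.get("DestinationIp", "")} & IOC_HOSTS:
            hits.append("Contacts vjw0rm C2 / extracted URL host")
    if ev.get("SHA256", "").lower() in IOC_SHA256:
        hits.append("Known sample hash")
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Index every event that matches at least one behaviour."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := classify(ev))]


# Constructed telemetry, loosely Sysmon-shaped. Sysmon logs registry writes (EID 12/13/14)
# but not reads, so the RegistryQuery event here assumes an EDR or sandbox trace as the source.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Users\victim\Downloads\WROO1_Invoice_Copy.js"'},
    {"EventType": "RegistryQuery", "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"EventType": "FileCreate", "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WROO1_Invoice_Copy.js",
     "SHA256": "c40b980e8d0447cc55bffa7c5f5af8f7dba5d3ff411edfc028836c7a631af874"},
    {"EventType": "RegistrySet", "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WROO1_Invoice_Copy",
     "Details": r"C:\Users\victim\AppData\Roaming\WROO1_Invoice_Copy.js"},
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationHostname": "dingspread.duckdns.org", "DestinationIp": "198.51.100.7", "DestinationPort": 6130},
    # Benign noise: a browser connection and a Run key written by an installer.
    {"EventType": "NetworkConnect", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.org", "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventType": "RegistrySet", "Image": r"C:\Users\victim\AppData\Local\OneDriveSetup.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {'; '.join(hits)}")
```

Two caveats follow from the report itself: the C2 is a duckdns.org dynamic-DNS name, so the resolved IP (a placeholder above) will change and the hostname is the durable indicator, and the Run-key rule keys on the value data rather than the key alone, because legitimate installers write the same key; the OneDrive event in the sample is there to show it staying silent.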