Overview

overview

10

Static

static

1

JaffaCakes...a2.iso

windows7-x64

3

JaffaCakes...a2.iso

windows10-2004-x64

3

#CHOO1.js

windows7-x64

10

#CHOO1.js

windows10-2004-x64

10

#CHOO2.js

windows7-x64

8

#CHOO2.js

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_2de716414a5246e7d4f1d9679a9c5fdefd194c30807331d05798253ebceb87a2

  • Size

    86KB

  • Sample

    241222-ptdt5syncq

  • MD5

    d0ea5ecfd59f7704114a91e85a697103

  • SHA1

    6d8ff4e7142ba828a35365f847b72bb51890341e

  • SHA256

    2de716414a5246e7d4f1d9679a9c5fdefd194c30807331d05798253ebceb87a2

  • SHA512

    2c80477abd3dbae464675eacbac2ac103746c60d7dd1ea9853b07572fcbd1b06a052ff1e09df3fdb71146ed2f4c084bb72697236512bc703f85065a64c7198d8

  • SSDEEP

    768:nQ9QyY4F/l3Q2ZEOG+hKTmOrfWlKFxOVQ0dn3I:nQ9QMF/9QxMPO7WEFxI

Score
10/10
vjw0rmexecutionpersistencetrojanworm

Malware Config

Targets

    • Target

      JaffaCakes118_2de716414a5246e7d4f1d9679a9c5fdefd194c30807331d05798253ebceb87a2

    • Size

      86KB

    • MD5

      d0ea5ecfd59f7704114a91e85a697103

    • SHA1

      6d8ff4e7142ba828a35365f847b72bb51890341e

    • SHA256

      2de716414a5246e7d4f1d9679a9c5fdefd194c30807331d05798253ebceb87a2

    • SHA512

      2c80477abd3dbae464675eacbac2ac103746c60d7dd1ea9853b07572fcbd1b06a052ff1e09df3fdb71146ed2f4c084bb72697236512bc703f85065a64c7198d8

    • SSDEEP

      768:nQ9QyY4F/l3Q2ZEOG+hKTmOrfWlKFxOVQ0dn3I:nQ9QMF/9QxMPO7WEFxI

    Score
    3/10
    behavioral1behavioral2

    • Target

      #CHOO1.js

    • Size

      17KB

    • MD5

      fac61c5e8f3026c1a1b63c21423a2701

    • SHA1

      c14c72c7e99a1b8166d009a89c8f6b1111a8da2a

    • SHA256

      77307f92ac36d5dce119e092099842fedd2f37432b578914af22b7ad7c1ccf94

    • SHA512

      19f7420a6cf00f25c75dd3205823645b2f3e0f77d8b817c9c1e22a9c36799e2efb880d26e886bbf9c7d6de413f8c5fe2ad3a88a6eb9b2761fde00506bd14a711

    • SSDEEP

      384:bv4FxNXwil3u4W430GvACEOyMU+qxl249TmO0XNWj7WKSKmFlKl:L4F/l3Q2ZEOG+hKTmOrfWlKl

    Score
    10/10
    vjw0rmexecutionpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Vjw0rm family

      vjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      #CHOO2.js

    • Size

      7KB

    • MD5

      4fc18805b5686d320a0ccdab8438ed7e

    • SHA1

      afbe3e8f7448be3ace8f48f37c1524748533ed94

    • SHA256

      7257729274b6ab5c1a605900fa40b2a76f386b3dbb3c0f4ab29e85b780eaef73

    • SHA512

      9ec6470aadce9ddaebd57167658d1a8a22ddb496e452b3a4574d3c8fa8b5d643e49d96b31df64f89fe3847bc4c7be792e21f8de063be07ef3452e936931ded14

    • SSDEEP

      192:oWAKxkz+bogcyyv9bM0MDkigxTfHZBkiADviMXObFKU5LiE:sKxm+OVbM0MQnZZAOIObFKBE

    Score
    8/10
    execution

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks