General
-
Target
JaffaCakes118_655334e78aaaedd288a25a2820e93dc43ca0c770848c74e3bab9ff7da2ca0de1
-
Size
142KB
-
Sample
241223-21pw7svkbm
-
MD5
444de60dd7ee5d36e21cc284dff2e50a
-
SHA1
044a10ebbb231e6c48ad0568e059f96b2310275b
-
SHA256
655334e78aaaedd288a25a2820e93dc43ca0c770848c74e3bab9ff7da2ca0de1
-
SHA512
70435e12a8fb7394b5c681f7e84940f22f7e4d8ae4e7e85b0a4322102472b25ce18aaa504bf54f94426914dd956df753dc8ea6c9ac741c4a9f8ddbe42ad869e9
-
SSDEEP
192:Yv1rffSjTKDrSsWruBc3N19eLi1ow9yQ9y9JkLE6+61Wsz+fr+5inP7TvsC+U6OT:opH+TvPvvmVVR/4K/Kt
Malware Config
Targets
-
-
Target
7165342_Payment_Receipt.js
-
Size
81KB
-
MD5
63920a31085c5e1f40f50b7df48b54f8
-
SHA1
92955db054abbdd957121479784a552ffd03d857
-
SHA256
76fc2fbb5f59ddd971dcdb93f11cefb22fc954305b5c99e36f5d42381cb33168
-
SHA512
6f687653cc20a5d4a4c716f1f2ba9f7bf1a2687e19a972a6537efdf0eee695185c34bcb9f3f32dc3c4f22fb964076dd0de46f2e961aee14c8591b174ddf637fd
-
SSDEEP
192:/jTKDrSsWruBc3N19eLi1ow9yQ9y9JkLE6+61Wsz+fr+5inP7TvsC+U6OEsO+ghu:rTvPvvmVVR/4K/KtI
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Vjw0rm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1