General
-
Target
JaffaCakes118_b6f728eff35bdc68e244a1925e4461293d9dcdbf18b4cd1a5706cb0d54e26106
-
Size
40KB
-
Sample
241223-q4meps1nfj
-
MD5
1ec90fe7d181386205db6a2c64312224
-
SHA1
f6b6da56033e22a34e30d13cfba8228228dc0048
-
SHA256
b6f728eff35bdc68e244a1925e4461293d9dcdbf18b4cd1a5706cb0d54e26106
-
SHA512
7e531ca54214b13585e8cbe61d52d62a483693f1e7637035700f754576e2b05111cff2fe231b76124f4b18f732d0cc595b3b06c96d7a94f509a97f7fcbe48bff
-
SSDEEP
768:LWzw1E7LtiSeOhrkCOY4eg/sEF63UMCMUfbrEEMwoeFi9BwuaJT5sXPMNSWB:L63LoxOhrqeBV3qjbrboeFS6NXMS
Static task
static1
Behavioral task
behavioral1
Sample
04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6
-
Size
124KB
-
MD5
18765c6b1a20d6d90603230bca72c903
-
SHA1
874af995240ebd57aef18e00fcaa0f0f43583b85
-
SHA256
04094fa56fe4dc175f9dc4ca63918638ca99b32b4de44fc21f14d5f5122016f6
-
SHA512
3c58a98356b3b051797477d1e10cf2f469bed924d97edcd411b98c92436d4e3b4b91e650a0828583092ead6abd755bfdd641b95b4e0ed4e0e9ed75656ab0a5d5
-
SSDEEP
1536:pvqEkqX412OE9j/dQM66R7f5/1f1tFQfQ3sVZHFimHTalEtYKO/u/5/gQZVFX30M:Fp/dQM66PB10p0mHTQuWuDDPf5YcsEd
Score
10/10
-
Vjw0rm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)