General
-
Target
JaffaCakes118_9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d
-
Size
13KB
-
Sample
241225-1ve95syqgv
-
MD5
bda43336bf6249a4e667d207d62cc910
-
SHA1
9dc42b7d9dfd2b3f5a22e71abb0106fdc736bf4a
-
SHA256
9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d
-
SHA512
af80aa64ca5d29d5f1839b38330a158507faac2ec305242d94d4c041da65c8b8a8ed8c927e1cd6e1383f1fe1335a814c6d28b1bbc366e3de3d9898478edd1650
-
SSDEEP
384:jE+DtyRt9W+kdzGQ9FdtDbdP3AwOEIgrtm+7FOSE2:IZ76z3FjpnrFlr
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d.js
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
JaffaCakes118_9b1f2d3e06f9a6299287c531f007e1f2a38fd1d5af3481e7f6be24475495567d
Score
10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)