General
-
Target
JaffaCakes118_64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0
-
Size
54KB
-
Sample
241225-abddbs1nax
-
MD5
9bd30c870827786006549e2b7aad9af9
-
SHA1
69540b76ef13f8ba496e4c05ffb5480fc7b244b2
-
SHA256
64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0
-
SHA512
e3250dba2438be0321590a33556e7374d9589c2a54d6d03c1427381adbff09b239ff1c84385175fe3396b37fc00817f487d2e64dfb9379190b344ac0dce1e4e9
-
SSDEEP
768:MeDqNDGlyOVolWJKx9P2VC/v2b2L3vh8zBqtc1Ooxwo6dUOdQByD0n7zI2Z5yox+:bDqwD79ngtKLLkW0sGk/Ylum
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_64efc2c066eb36eae5d2904e727f096dbe36258710235b99391f7fde8bb169b0
-
Score
10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)