General
-
Target
JaffaCakes118_d625b68606f5221ef6893109ebd3682ddef07dbdb120688fc1626305aeb1ff6a
-
Size
1.2MB
-
Sample
241226-yv1jzaxrcl
-
MD5
079c1e2044a9ce3f6a40b7d5182a16e0
-
SHA1
74c58ebf3e49a568be9ea7080d521748cb4ab63f
-
SHA256
d625b68606f5221ef6893109ebd3682ddef07dbdb120688fc1626305aeb1ff6a
-
SHA512
9f78fed66a9c49dfca72770e5832dea0cab8c5477fc20f15387aeb7898ea6c65885cb9db3a410e46ba3b52f93289dff36e46c811a64075361fb06f90a031c3ac
-
SSDEEP
384:8wcWTi3WX/kepHiAGDuTnj/CXEiEZ6hfWcGHS6heo418S/BQ:EWTTMepCOTjK0cRWVSfo4H
Static task
static1
Behavioral task
behavioral1
Sample
#UE00S802H.js
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
#UE00S802H.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
#UE00S802H.js
-
Size
13KB
-
MD5
8683ce7e2e7126ac6e0fc21e85a2ab19
-
SHA1
cdc1b5d86f240947f305ce8b3b63034250cb730c
-
SHA256
8af76d1916ebc77d52162659733ff74656dfa8955fc0d60e92dc1fb9a86c29fa
-
SHA512
5233f2f55356d00a776f2e067a0d5912ad99fc3016a7ff8cec4cf35ed3f3242251ed0d39dcc2d14928f32f22a0a00935049675a9e15488d9e8c627bd7b799530
-
SSDEEP
384:nwcWTi3WX/kepHiAGDuTnj/CXEiEZ6hfWcGHS6heo418S/BQx:ZWTTMepCOTjK0cRWVSfo4HA
Score
10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    JavaScript (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)