General

  • Target

    JaffaCakes118_5fad065322759fdc6eb4e74afcdc5d3c02d910be9bcbc7c91b475fdc3b21cc4f

  • Size

    76KB

  • Sample

    241228-3wzraawlck

  • MD5

    6f6137b261872ac956432b6c86347667

  • SHA1

    a4fb9c9c0d1e0074c78b3ed217cc136d16b6c577

  • SHA256

    5fad065322759fdc6eb4e74afcdc5d3c02d910be9bcbc7c91b475fdc3b21cc4f

  • SHA512

    427131d11f0a0c374949fb2ccf0cdce0116fb647dca2b559531e188f2e65964b7582921794a103bb7bbbd25d1c6fcde94a3cadc45a4820f650da54cf3437620a

  • SSDEEP

    192:EdtyMt4MHSWPOg185iwp9MAyf0IA0SLizr9SndcrkxkpZT29/A3q/ITAHCLp4F3d:E3yB7rppXIjSpc0y4BAawcjz

Targets

    • Target

      JaffaCakes118_5fad065322759fdc6eb4e74afcdc5d3c02d910be9bcbc7c91b475fdc3b21cc4f

    • Size

      76KB

    • MD5

      6f6137b261872ac956432b6c86347667

    • SHA1

      a4fb9c9c0d1e0074c78b3ed217cc136d16b6c577

    • SHA256

      5fad065322759fdc6eb4e74afcdc5d3c02d910be9bcbc7c91b475fdc3b21cc4f

    • SHA512

      427131d11f0a0c374949fb2ccf0cdce0116fb647dca2b559531e188f2e65964b7582921794a103bb7bbbd25d1c6fcde94a3cadc45a4820f650da54cf3437620a

    • SSDEEP

      192:EdtyMt4MHSWPOg185iwp9MAyf0IA0SLizr9SndcrkxkpZT29/A3q/ITAHCLp4F3d:E3yB7rppXIjSpc0y4BAawcjz

    • Score

      3/10

    • Target

      TV003_Invoice#02189.js

    • Size

      14KB

    • MD5

      1cd457729e7a388410439cb4e6f7f74e

    • SHA1

      37440a4330cfaa27fc180f9055670accb09510dd

    • SHA256

      2b2d82a9d85104bce3d431a7fcbacd4652b25ae367cfd41b13e582b375d53183

    • SHA512

      8a8ad59baf571cba5130c8c619792cf0b62201c661398d9ec13267ced22f60117e9b585a95d63fb555c62bcdee361d2d641a52031f8b463a8ed87a911bab1100

    • SSDEEP

      192:4POg185iwp9MAyf0IA0SLizr9SndcrkxkpZT29/A3q/ITAHCLp4F3zMGogva:D7rppXIjSpc0y4BAawcjzA

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Vjw0rm family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
