General
-
Target
JaffaCakes118_a19ef31c04ece8ca7d410ffe2b9d717377bdaec7a8e5bdb50a3ab84e7a971ef5
-
Size
3KB
-
Sample
241229-e4l86aspcn
-
MD5
304b79a41af63e1a26ea3c858bf9db71
-
SHA1
1d521298835aa53048e6746561155f5a695750c0
-
SHA256
a19ef31c04ece8ca7d410ffe2b9d717377bdaec7a8e5bdb50a3ab84e7a971ef5
-
SHA512
87b633d76aa26ed185ffece121c97adede9de43008cc239060a150f12e0e736c3514b64b0401ce80426070a5c58090a10ed0de2264b13fc2e6cd330e65621512
Malware Config
Targets
-
-
Target
Bill.js
-
Size
3KB
-
MD5
5578addeaf9926e7aa9edd19eec66b4d
-
SHA1
279c6bbc6b837b4998d1ad05374f5baaab401177
-
SHA256
6ecdd18eb432df3f754e32c723ff684984e6a33fcfa7731723d9d99481b83d41
-
SHA512
6504472561cb14f399811fc780d37e26269ca5acad8404217b75c1a7d7994d3900f162bfb0a3efaaef677d136e518a638cdb3468c55959e375057799ba658be0
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Vjw0rm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1