General

  • Target

    JaffaCakes118_59b74862f9d838a48f2672f4f957407c3b2fec19e4f737474543117eedce475a

  • Size

    11KB

  • Sample

    241229-qfg53sslhk

  • MD5

    a6f5b7708092b8ebe7c9ef4e03080b8e

  • SHA1

    e1a7434b56ef462bc14914ee8a75387c85431cb6

  • SHA256

    59b74862f9d838a48f2672f4f957407c3b2fec19e4f737474543117eedce475a

  • SHA512

    6f582bcdf808eea2b65e35e3450a30518a8c46ef4c5812eeb07065daf5c41528f036079eb7fb7d6cae4270a47ae5698d137138a035e059555d089a5b1cdd5e9a

  • SSDEEP

    192:tJntyzz3u7Gjwce6ohkuDQn6Bj+FKciopUV+LbwJ5lPpmO7T4yYMObEpvca8PSxC:t6buape6o3D7j1Yq+65lxmdMNL8PSTIr

Malware Config

Targets

    • Target

      eReceipt.js

    • Size

      23KB

    • MD5

      0a88f3eb9d11b80339b2954140feb7ba

    • SHA1

      1662879c2e251946f7d5497f863220dd91160102

    • SHA256

      422e287276a07bcb879d792e793c47a3720d45ed01216531a49f78aefe17bd91

    • SHA512

      7019a79a66239cb290fe3a6a845386bca020348b72b2b9b28337b839a0b5f2ebb0567211f43381eb1afea4b9c9099b73019d07d7e93f6f5ab2e65adc6c0c7665

    • SSDEEP

      384:tm3uw3mx5W7X/ZIFMzhaPIuYYHqWJUXA7jhSBfoeXG+2FLbP8L5vO97oxEXdf3e:ol2xw7Xe1F2eUXsjEBnt2uZ27oxElu

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Vjw0rm family

    • Blocklisted process makes network request

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks