General
Target: JaffaCakes118_88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff
Size: 74KB
Sample: 241230-arelbs1qdv
MD5: e4212b979b861348f093eb502d54a555
SHA1: 126bbb8e12495a386afa30771268fe4b5f017d29
SHA256: 88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff
SHA512: 296622420cdff956e61c561995265c36e204c009159aaed967e150c7435abbda1ea8907eda67985a1960588090f6c1109d64287769bf0b6f8fbc035b246b3114
SSDEEP: 384:BiBp7z4C7+owFhl3rwUY5mn33QPHOS2A9P2:YBp7zV+ow5qk3AOSx9
Static task
static1

Behavioral task
behavioral1
Sample: JaffaCakes118_88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff.iso
Resource: win7-20240729-en

Behavioral task
behavioral2
Sample: JaffaCakes118_88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff.iso
Resource: win10v2004-20241007-en

Behavioral task
behavioral3
Sample: TOO89_Payment_Invoice.js
Resource: win7-20240903-en

Behavioral task
behavioral4
Sample: TOO89_Payment_Invoice.js
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: JaffaCakes118_88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff
Size: 74KB
MD5: e4212b979b861348f093eb502d54a555
SHA1: 126bbb8e12495a386afa30771268fe4b5f017d29
SHA256: 88d5612f38441b9fbccb9e2e43bba16291eea23e7d90bc7755920a0252369eff
SHA512: 296622420cdff956e61c561995265c36e204c009159aaed967e150c7435abbda1ea8907eda67985a1960588090f6c1109d64287769bf0b6f8fbc035b246b3114
SSDEEP: 384:BiBp7z4C7+owFhl3rwUY5mn33QPHOS2A9P2:YBp7zV+ow5qk3AOSx9
Score: 3/10
Target: TOO89_Payment_Invoice.js
Size: 12KB
MD5: 3e7dd715a15046585cb8034a1fa847b3
SHA1: 4cbe1b633a7859821c0b7082385407cb140a0ba5
SHA256: 5518f5e20b27a4b10ebc7abce37c733ab532354b5db6aed7edf19c25caba2ff3
SHA512: 42777bf0328fe9844aa93e8394f11aba8d02d6bbc77980da2c22bb5b9f9a646763ed4506976dfbf3d2476ca63fbc0845bb5be64c3a6c745daffdd7f7d85f960a
SSDEEP: 384:Y7z4C7+owFhl3rwUY5mn33QPHOS2A9P2N:Y7zV+ow5qk3AOSx9q
(The SSDEEP chunk string of this .js overlaps almost entirely with the .iso's SSDEEP above, consistent with the ISO being a thin container around the script.)
Score: 10/10
Signatures:
- Vjw0rm family
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): JavaScript (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
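The signatures above (script host making network requests, startup-folder drop, Run key persistence) and the ATT&CK mapping (JavaScript interpreter, Registry Run Keys / Startup Folder, Scheduled Task) translate directly into host-side detection rules. The following is an added example written for this page, not code from the sandbox or from the Vjw0rm sample: it runs those rules over Sysmon-style events. The field names follow Sysmon's schema (EventID, Image, CommandLine, TargetFilename, TargetObject, Details, DestinationIp, DestinationPort), the sample events are constructed, the user SID and IP address are made up, and the ATT&CK sub-technique IDs are the standard ones for the technique names the report lists.

```python
"""Map Sysmon-style endpoint events to the behaviours the sandbox reported.

Constructed example for this report; not code from the sandbox or from the
Vjw0rm sample. Event field names follow Sysmon's XML schema; the sample
events below are made up and only illustrate the report's signatures.
"""
import re

# Sysmon event IDs used here: 1 process create, 3 network connection,
# 11 file create, 13 registry value set.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|vbs|vbe|wsf|hta)\b", re.I)


def _basename(path):
    """Lower-cased file name of a Windows path (handles quoted values too)."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (technique_id, description, evidence) tuples for suspicious events."""
    findings = []
    for ev in events:
        eid = ev["EventID"]
        image = _basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        if eid == 1:
            # Scheduled Task/Job: schtasks /create from a process create event.
            if image == "schtasks.exe" and "/create" in cmd.lower():
                findings.append(("T1053.005", "scheduled task created from the command line", cmd))
            # Command and Scripting Interpreter: a script host given a script file.
            elif image in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(cmd):
                findings.append(("T1059.007", "script host launched a script file", cmd))
        elif eid == 3 and image in SCRIPT_HOSTS:
            # "Blocklisted process makes network request": wscript/cscript/mshta talking out.
            dest = f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}"
            findings.append(("T1059.007", "script host made a network connection", f"{image} -> {dest}"))
        elif eid == 11:
            # "Drops startup file": script written into a Startup folder.
            target = ev.get("TargetFilename", "")
            if STARTUP_DIR_RE.search(target) and SCRIPT_EXT_RE.search(target):
                findings.append(("T1547.001", "script dropped into the Startup folder", target))
        elif eid == 13:
            # "Adds Run key to start application": Run/RunOnce value pointing at a script or script host.
            key, value = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY_RE.search(key) and (
                SCRIPT_EXT_RE.search(value) or any(h in value.lower() for h in SCRIPT_HOSTS)
            ):
                findings.append(("T1547.001", "Run key value launches a script", f"{key} = {value}"))
    return findings


def techniques(findings):
    """Distinct ATT&CK sub-technique IDs seen in a set of findings."""
    return sorted({f[0] for f in findings})


# Constructed events modelled on the report's signatures (SID, IP and paths are made up).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
WSCRIPT = r"C:\Windows\System32\wscript.exe"
DROPPED = r"C:\Users\user\AppData\Roaming\TOO89_Payment_Invoice.js"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": WSCRIPT,
     "CommandLine": f'"{WSCRIPT}" "E:\\TOO89_Payment_Invoice.js"'},
    {"EventID": 11, "Image": WSCRIPT,
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TOO89_Payment_Invoice.js"},
    {"EventID": 13, "Image": WSCRIPT,
     "TargetObject": f"HKU\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\TOO89_Payment_Invoice",
     "Details": DROPPED},
    {"EventID": 3, "Image": WSCRIPT, "DestinationIp": "203.0.113.10", "DestinationPort": 8080},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": f'schtasks.exe /create /sc minute /mo 5 /tn Invoice /tr "wscript.exe {DROPPED}"'},
    # Benign noise that must not fire: a normal process and a vendor updater Run key.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]

if __name__ == "__main__":
    for tid, what, evidence in analyze(SAMPLE_EVENTS):
        print(f"{tid}  {what}: {evidence}")
```

Two caveats when running rules like these on real telemetry. The "Checks computer location settings" signature is a registry read, and Sysmon records registry key creation, deletion, value sets and renames but not reads, so the geofence lookup is not visible in EventID 12/13/14 and needs a different source (the sandbox's API trace, or ETW registry read events). The network rule keys on the script host alone, which is exactly what the sandbox's "blocklisted process" signature does; on a corporate fleet where logon scripts run under wscript.exe you will want to scope it to scripts launched from removable or user-writable paths.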