General
-
Target
JaffaCakes118_03e2273476d1f37afc635d397e348e26
-
Size
10KB
-
Sample
250106-asjlnsznfx
-
MD5
03e2273476d1f37afc635d397e348e26
-
SHA1
f117888480345fa24c3265ee42f2e41203369f5c
-
SHA256
47db324fe95c246da48fe4c085c0d835c68d107ed1c19aa2d957d1acd1bc1c24
-
SHA512
05b628e15a77f2b92f0ce0405aee88feac42bc86ecef80f1c57d1a03f6567bec005b2ec10b635b808468904a36aaa4f20010e69a1ba13ceda44749fb062a5201
-
SSDEEP
192:lmFoi/C7jd8zoe+nidBz5Oh2kaVkFys1Mwab3xh1jD8aYrtSUF:lmFZ/C7RWzK2582VyExBh1jD0tSe
Malware Config
Targets
-
-
Target
JaffaCakes118_03e2273476d1f37afc635d397e348e26
-
Size
10KB
-
MD5
03e2273476d1f37afc635d397e348e26
-
SHA1
f117888480345fa24c3265ee42f2e41203369f5c
-
SHA256
47db324fe95c246da48fe4c085c0d835c68d107ed1c19aa2d957d1acd1bc1c24
-
SHA512
05b628e15a77f2b92f0ce0405aee88feac42bc86ecef80f1c57d1a03f6567bec005b2ec10b635b808468904a36aaa4f20010e69a1ba13ceda44749fb062a5201
-
SSDEEP
192:lmFoi/C7jd8zoe+nidBz5Oh2kaVkFys1Mwab3xh1jD8aYrtSUF:lmFZ/C7RWzK2582VyExBh1jD0tSe
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1