General
-
Target
JaffaCakes118_0b8890e56e80bbdd1502cf079ce7583a
-
Size
1.4MB
-
Sample
250106-dx72lsxken
-
MD5
0b8890e56e80bbdd1502cf079ce7583a
-
SHA1
dd2898e0e29e621e61f94b09b208daa77d3a916a
-
SHA256
c7f975e39d71c09f26329414e6e790b2df26808e88529845996c889726af65ff
-
SHA512
bd35e0ecddfc7f132f7eccd33d5abe40ff92ab129723110a1c5d11decc291af30857d05786beb16cf03401ae824ca6f5b4be6820fa1291b42cc956e6ef21b793
-
SSDEEP
24576:x2G/nvxW3WQN2mfFT+LCT7c7gapLtf5UjGgBLEA2NGAQ04tgYXltpcCK5sjmRSPu:xbA39/YL87cZ9tf5UjGgBAA2NTcDlD56
Malware Config
Targets
-
-
Target
JaffaCakes118_0b8890e56e80bbdd1502cf079ce7583a
-
Size
1.4MB
-
MD5
0b8890e56e80bbdd1502cf079ce7583a
-
SHA1
dd2898e0e29e621e61f94b09b208daa77d3a916a
-
SHA256
c7f975e39d71c09f26329414e6e790b2df26808e88529845996c889726af65ff
-
SHA512
bd35e0ecddfc7f132f7eccd33d5abe40ff92ab129723110a1c5d11decc291af30857d05786beb16cf03401ae824ca6f5b4be6820fa1291b42cc956e6ef21b793
-
SSDEEP
24576:x2G/nvxW3WQN2mfFT+LCT7c7gapLtf5UjGgBLEA2NGAQ04tgYXltpcCK5sjmRSPu:xbA39/YL87cZ9tf5UjGgBAA2NTcDlD56
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1