General
-
Target
JaffaCakes118_395f205e2eb958f80f72f13cff9303e2
-
Size
10KB
-
Sample
250106-zezs6syran
-
MD5
395f205e2eb958f80f72f13cff9303e2
-
SHA1
d7929d3bc0326abaa776d55b74150c42790634b9
-
SHA256
5d7a0823b291315c81e35ed0c7ca7c81c6595c7ca9e5ebf0f56993a02d77c1f2
-
SHA512
5e35600f9b4789ff0869d0d28898421121b25eb409646c1fc6794ebcf59c6d9adf742ccb266ef7d9ddf420743995236bc8a1d42a8a06dd90d5fb865662007e7e
-
SSDEEP
192:Nv7au56Eore0U4PpvsCq54jCPkEOnxyP+Qnzac7P8kdC0lTkmtteFE:N+u5xJsPpvbFRXnAWQn+30NLaFE
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_395f205e2eb958f80f72f13cff9303e2.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_395f205e2eb958f80f72f13cff9303e2.js
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
JaffaCakes118_395f205e2eb958f80f72f13cff9303e2
Score: 10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: 1
JavaScript: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1