General
-
Target
JaffaCakes118_70248b64f0da47a78531964998bd071a
-
Size
3KB
-
Sample
250107-v3fb8a1lax
-
MD5
70248b64f0da47a78531964998bd071a
-
SHA1
761b6341377def95d8558e806e6516b4548f8566
-
SHA256
ec94a85166da6bff3051c6960ff02eb964ed676d15a7d426b4a075c32d892a70
-
SHA512
e098e34bc1fdaed9b8e4c85699a2352344848bdf11e6590c8fdff22b489744e30bddebefd5e34b394ac5a0db50f725b281bf2907a542dbd0e1ee6bbf3e5f5215
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_70248b64f0da47a78531964998bd071a.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_70248b64f0da47a78531964998bd071a.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_70248b64f0da47a78531964998bd071a
-
Score
10/10
-
Vjw0rm family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
JavaScript (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)