Overview

overview

10

Static

static

1

JaffaCakes...379.js

windows7-x64

10

JaffaCakes...379.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8c7d90878061ce94f70b41a3d2678379

  • Size

    45KB

  • Sample

    250108-fkm7saxmfm

  • MD5

    8c7d90878061ce94f70b41a3d2678379

  • SHA1

    7d08d5be9c64a49ccfeeb14aee806cb017d941db

  • SHA256

    d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13

  • SHA512

    e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792

  • SSDEEP

    768:klrIxmyrDR0WEMKsy+iBPkIaZfO0WGX3FTFcBMENYP:klCNrDuWEMKsyxPkIaZf+Q3bcBMEN+

Score
10/10
vjw0rmexecutionpersistencetrojanworm

Malware Config

Targets

    • Target

      JaffaCakes118_8c7d90878061ce94f70b41a3d2678379

    • Size

      45KB

    • MD5

      8c7d90878061ce94f70b41a3d2678379

    • SHA1

      7d08d5be9c64a49ccfeeb14aee806cb017d941db

    • SHA256

      d52a0835e1845e89e134b1701d39b4f1fe4091814d9c1746f2f722599328dd13

    • SHA512

      e510040078a0dc4b305abaf1a6d33d44f871f77f91c90c721c810fbb629b3c633e44654193bebd9b4bf537b9d124696432f808bdfbc60daf7c49e206eadb0792

    • SSDEEP

      768:klrIxmyrDR0WEMKsy+iBPkIaZfO0WGX3FTFcBMENYP:klCNrDuWEMKsyxPkIaZf+Q3bcBMEN+

    Score
    10/10
    vjw0rmexecutionpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Vjw0rm family

      vjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks