General

  • Target

    BTCOPY.js

  • Size

    28KB

  • Sample

    210911-jyg5gaecfj

  • MD5

    9d724d067e3238d3352de71e94367a8e

  • SHA1

    9045f490135900647cb469dc3505021c3ed5f020

  • SHA256

    95a97e608bdcb900439a3ba07ffb942bba4dea464d6141204f0628bca6102460

  • SHA512

    716891218e1faad85922235e5479f4713c54d83bc17ed9571761de9d9919817e69e2bee444d9661c025ae51fb62f482d2bbfe6161cbf7f45347ea0725b6f4c3b

Malware Config

Targets

    • Target

      BTCOPY.js

    • Size

      28KB

    • MD5

      9d724d067e3238d3352de71e94367a8e

    • SHA1

      9045f490135900647cb469dc3505021c3ed5f020

    • SHA256

      95a97e608bdcb900439a3ba07ffb942bba4dea464d6141204f0628bca6102460

    • SHA512

      716891218e1faad85922235e5479f4713c54d83bc17ed9571761de9d9919817e69e2bee444d9661c025ae51fb62f482d2bbfe6161cbf7f45347ea0725b6f4c3b

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks