General

  • Target

    Swift copy.js

  • Size

    272KB

  • Sample

    211206-d8r5jagag4

  • MD5

    800b61af70057adcb5199c9a32800ed5

  • SHA1

    f6796347f1c1344e808f529410687d33c5856a7e

  • SHA256

    e213b03bb6a8286d026918fbb9bb31a7882e0ee130a469801e53a78c46017c17

  • SHA512

    a209ceaebb289b4cbfd3dff79f47d72e818ac0d0b9709c5f05e6e7d2a56260981300d7574d056983e2bb507d4474787f2415ffce63195aab6c96e257368f3ac6

Malware Config

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks