General

  • Target

    PG4636.iso

  • Size

    86KB

  • Sample

    211206-sah7asecfp

  • MD5

    c53604f66eb2b9c34249d0596954ff72

  • SHA1

    83fd38d7b8d8f5275c12b35d259f6f069bcadbb6

  • SHA256

    a83a0eedfbf72c7be9ffa9c6463dcd2894c9a8a58e1ad159c3c53e0c5320f4d5

  • SHA512

    7ac47bcf2ac2d51fe561e1f030f6cb64c86a67e8d5014ac75e0ad2b4df90e91a8eeaf9147404cd22ad64e0f497098bec537316ddad5f03b647808a2d159b595b

Malware Config

Extracted

Family

vjw0rm

C2

http://spdxx.ddns.net:5050

Targets

    • Target

      PG4636.js

    • Size

      25KB

    • MD5

      3a55168bae35da0ff8a02ca13b65feec

    • SHA1

      dcf7b48bfb2a994598d0f0a45c24121a4ee22255

    • SHA256

      e114d03550228080f08b8053424ad98b31e285b64b5dc4d1476b93cc5a6ccfe3

    • SHA512

      1cb2db2a7beedcb84ade4fb6d91f5408932d4acfb94ae08fac98c7571e544af6b57475469f7f49cf4348bd8852df2bd8e5fc9b931bfa18ac38e2d447a1411b74

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks