General

  • Target

    5683b3b3879184feba434736389571912c8e4beb9325b624a71c7c5a9fb776a6

  • Size

    1.0MB

  • Sample

    220725-dd7xhabgc5

  • MD5

    b1b140329b3029e8d05da49bd32c9323

  • SHA1

    0a5366bd9907336550dfad9d3018bdd7f346140c

  • SHA256

    5683b3b3879184feba434736389571912c8e4beb9325b624a71c7c5a9fb776a6

  • SHA512

    b2ecafb71ab4ef03001020fce7fecbdb5ed19cbf2ee60799a7841cabdf06f56b518fe67886260a3777bd0db3822307281055df07c0143613dc1e5d67094af437

Malware Config

Targets

    • Target

      Sunda crpted JS.js.js

    • Size

      1.7MB

    • MD5

      3b33f7d2d30f7f6e92f5b7e23ba7fcde

    • SHA1

      7b579354df7f5136af6c73ba7286530a650a1307

    • SHA256

      59c84394c34146ace2792a59df44043de97af9be147bbcc14c2c4a0437da0d9e

    • SHA512

      dba1c3bca2e493a19746388951b327233af2da0fb194324023f97309edccffdefdf5eb7802b034cb58fff957f7de17f4cadb0a996b6296c94de1f6427169363f

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings

Looks up the country code configured in the registry, most likely as a geofence check (abort or change behaviour depending on the victim's locale).

    • Drops startup file

    • Adds Run key to start application

    • Drops file in System32 directory
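The four behavioural signatures above (location lookup, Run key, startup-folder drop, System32 drop) are the kind of thing a detection engineer turns into rules over sandbox or EDR event streams. The script below is an added example, not code from this report or from the sandbox that produced it: it runs a small rule set over a constructed list of registry/file events in a simplified `pid op target` form, and flags a process as a geofence suspect when it reads the location settings before it persists. The registry and folder paths are the real Windows locations; the event format, the sample events and the mapping of paths to signature names are assumptions for illustration.

```python
import re

# Constructed sample events (not taken from the report). One process, 1234,
# exhibits all four behaviours; process 5678 is a benign control.
SAMPLE_EVENTS = [
    "1234 RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation",
    "1234 RegSetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
    "1234 FileCreate C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Update.js",
    "1234 FileCreate C:\\Windows\\System32\\Tasks\\Update",
    "5678 RegQueryValue HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
]

# Signature name -> (operation regex, target regex). Paths are the genuine
# Windows locations; which path triggers which name is this example's choice.
SIGNATURES = {
    "Checks computer location settings": (
        r"^RegQueryValue$",
        r"\\Control Panel\\International\\(Geo\\Nation|sCountry)$",
    ),
    "Adds Run key to start application": (
        r"^RegSetValue$",
        r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    ),
    "Drops startup file": (
        r"^FileCreate$",
        r"\\Start Menu\\Programs\\Startup\\",
    ),
    "Drops file in System32 directory": (
        r"^FileCreate$",
        r"^[A-Za-z]:\\Windows\\System32\\",
    ),
}

COMPILED = {
    name: (re.compile(op_re, re.I), re.compile(tgt_re, re.I))
    for name, (op_re, tgt_re) in SIGNATURES.items()
}


def parse_event(line):
    """Split 'pid op target'; the target may itself contain spaces."""
    pid, op, target = line.split(" ", 2)
    return pid, op, target


def matches(name, op, target):
    """True if event (op, target) triggers the named signature."""
    op_re, tgt_re = COMPILED[name]
    return bool(op_re.match(op) and tgt_re.search(target))


def triage(events):
    """Return {pid: sorted list of signature names that pid triggered}."""
    hits = {}
    for line in events:
        pid, op, target = parse_event(line)
        hits.setdefault(pid, set())
        for name in COMPILED:
            if matches(name, op, target):
                hits[pid].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


def geofence_suspects(events):
    """PIDs that read the location settings and *then* persisted.

    That ordering is what a geofence looks like in practice: decide whether
    the host is in scope first, install persistence only if it is.
    """
    seen_location = set()
    suspects = []
    for line in events:
        pid, op, target = parse_event(line)
        if matches("Checks computer location settings", op, target):
            seen_location.add(pid)
            continue
        if pid in seen_location and pid not in suspects and (
            matches("Adds Run key to start application", op, target)
            or matches("Drops startup file", op, target)
        ):
            suspects.append(pid)
    return suspects


if __name__ == "__main__":
    for pid, names in triage(SAMPLE_EVENTS).items():
        print(pid, names)
    print("geofence suspects:", geofence_suspects(SAMPLE_EVENTS))
```

The location-settings rule on its own is noisy (installers and locale-aware software read `Geo\Nation` legitimately), which is why `geofence_suspects` only fires when the same process goes on to persist; in a real deployment the rules would key on the sandbox's or EDR's native event schema rather than the flat string form used here.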

MITRE ATT&CK Enterprise v6

Tasks