General

  • Target

    AgJGcJMTnh_ned7070vjw0m.js

  • Size

    201KB

  • Sample

    220809-w93lrsedek

  • MD5

    d3ee8c2c785b988fffbe118c64050ee7

  • SHA1

    5abfc8ee3eb176f6ea3788245564bf1e4ae1ead1

  • SHA256

    f2b227c75d85f5ce26544b4de5bfbab65165081c286c4bb876926fac7fea8c3e

  • SHA512

    2166e0b61d1865ac948a3f87b1421553eb2a63d1589129598f853d9500be48dcd640c3d9ab41b9c4def2d6793cb1ac2e9902237c848705b2fa220657a87e752f

Malware Config

Extracted

  • Family

    vjw0rm

  • C2

    http://185.157.162.75:7070

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
