General

  • Target

    Request For Quotation.js

  • Size

    193KB

  • Sample

    220809-w93lrsgaf8

  • MD5

    bd65cb0ec06dd5d0fa934e765dbf5f1d

  • SHA1

    4753dffbe57acbae2356739a890e1a8d93576925

  • SHA256

    a3e6b16cda1ed17cb620225764f61cf8bf11fa4c8dc578449039e90f7b2db7ff

  • SHA512

    bd8a92df5eeffd8d04cda1ee6f11995d76b3f837542e1230f80f1da4f054fbf3b960f40185578716300a04d37351edcb8c8acbe1a498930bcb640c7924d32a4e

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://harold.jetos.com:3609
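
The hashes and C2 above are the report's only indicators. The Python below is an added example, not part of the sandbox report or of the malware, showing how a responder turns them into checks: hash a file with all four algorithms the report lists, parse the C2 URL into host and port, and scan proxy or DNS log lines for the C2 host. The log lines are constructed for the example and the function names are hypothetical; only the digests and the URL come from the report.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "bd65cb0ec06dd5d0fa934e765dbf5f1d",
    "sha1": "4753dffbe57acbae2356739a890e1a8d93576925",
    "sha256": "a3e6b16cda1ed17cb620225764f61cf8bf11fa4c8dc578449039e90f7b2db7ff",
    "sha512": "bd8a92df5eeffd8d04cda1ee6f11995d76b3f837542e1230f80f1da4f054fbf3b960f40185578716300a04d37351edcb8c8acbe1a498930bcb640c7924d32a4e",
}
C2_URL = "http://harold.jetos.com:3609"

# Constructed proxy/DNS log lines for the example; not taken from the report's run.
SAMPLE_LOG = [
    "2022-08-09T10:02:11Z 10.0.0.23 wscript.exe GET http://harold.jetos.com:3609/ 200",
    "2022-08-09T10:02:15Z 10.0.0.23 chrome.exe GET https://www.example.com/ 200",
    "2022-08-09T10:03:40Z 10.0.0.23 wscript.exe CONNECT harold.jetos.com:3609 -",
    "2022-08-09T10:04:02Z 10.0.0.40 dns query harold.jetos.com A",
]


def hash_bytes(data: bytes) -> dict:
    """Lower-case hex digests for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> list:
    """Names of the digests under which `data` equals the reported sample."""
    return [alg for alg, digest in hash_bytes(data).items() if digest == REPORT_HASHES[alg]]


def check_file(path: str) -> list:
    """Hash a file on disk and report which of the listed digests it matches."""
    with open(path, "rb") as fh:
        return matches_report(fh.read())


def c2_endpoint(url: str = C2_URL) -> tuple:
    """(scheme, host, port) of the C2 URL; the port defaults per scheme when absent."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, parts.hostname.lower(), port


def _host_port(token: str) -> tuple:
    """(host, port) from a URL or host[:port] token; port is None when absent."""
    if "://" in token:
        try:
            parts = urlsplit(token)
            return (parts.hostname or "").lower(), parts.port
        except ValueError:  # malformed port such as "http://h:abc/"
            return "", None
    host, sep, port = token.rpartition(":")
    if sep and port.isdigit():
        return host.lower(), int(port)
    return token.lower(), None


def scan_log(lines, url: str = C2_URL) -> list:
    """Lines whose tokens name the C2 host (any port, e.g. a DNS query) or host:port.

    Hosts are compared whole, so a look-alike such as harold.jetos.com.evil does not match.
    """
    _, c2_host, c2_port = c2_endpoint(url)
    hits = []
    for line in lines:
        for tok in line.split():
            host, port = _host_port(tok.strip("\"',;"))
            if host == c2_host and port in (None, c2_port):
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    print("C2 endpoint:", c2_endpoint())
    for line in scan_log(SAMPLE_LOG):
        print("C2 contact:", line)
```

Matching on the whole hostname rather than by substring matters here: `jetos.com` is a dynamic-DNS parent domain, so blocking or alerting on the parent would hit unrelated tenants, while a substring match on the C2 host would miss nothing but would also accept look-alike suffixes.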

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by victim locale.

    • Drops startup file
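
The three behavioural signatures above describe what the sandbox observed. As an added example (not the sandbox's own signature code and not from the report), the Python below re-implements them over constructed behaviour events of the kind a sandbox, or an EDR with registry-read visibility, would record, scoped to the sample's process tree so that a benign explorer.exe reading the same locale key does not fire. The blocklist of script hosts, the `Control Panel\International\Geo\Nation` registry path and the Startup folder path are assumptions about what each signature inspects; the events themselves are constructed.

```python
import re

# Assumption: script hosts and LOLBins that rarely need the network themselves.
# The report does not publish the sandbox's actual blocklist.
BLOCKLISTED_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# Assumption: the per-user key holding the configured country (GeoID) that the
# "Checks computer location settings" signature is taken to read.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Per-user Startup folder: anything created here is executed at the next logon.
STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Constructed behaviour events (not from the report's run): acting process image,
# event type, and the object it touched.
SAMPLE_EVENTS = [
    {"type": "process_start", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\user\Downloads\Request For Quotation.js"},
    {"type": "registry_read", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Request For Quotation.js"},
    {"type": "network_connect", "image": r"C:\Windows\System32\wscript.exe",
     "target": "harold.jetos.com:3609"},
    {"type": "network_connect", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": "www.example.com:443"},
    {"type": "registry_read", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
]


def image_name(path: str) -> str:
    """Lower-case file name of a process image path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events, sample_tree) -> dict:
    """Return {signature name: [events]} considering only the sample's process tree."""
    hits = {}
    for ev in events:
        img = image_name(ev["image"])
        if img not in sample_tree:
            # A sandbox scores only processes descended from the sample; the same
            # registry read performed by explorer.exe is normal Windows behaviour.
            continue
        kind, target = ev["type"], ev["target"]
        if kind == "network_connect" and img in BLOCKLISTED_PROCESSES:
            hits.setdefault("Blocklisted process makes network request", []).append(ev)
        elif kind == "registry_read" and GEO_KEY_RE.search(target):
            hits.setdefault("Checks computer location settings", []).append(ev)
        elif kind == "file_create" and STARTUP_RE.search(target):
            hits.setdefault("Drops startup file", []).append(ev)
    return hits


if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS, {"wscript.exe"}).items():
        print(f"[{sig}]")
        for ev in evs:
            print(f"    {image_name(ev['image'])} -> {ev['target']}")
```

Two caveats for anyone porting this to production telemetry. Sysmon records registry creates, deletes, value sets and renames (Event IDs 12 to 14) but not reads, so the location check is only visible to a sandbox or an EDR that hooks registry queries. And the process-tree scoping is what keeps the locale-key rule usable: without it, `explorer.exe` and other shell components reading the same key on every host would fire continuously.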

MITRE ATT&CK Enterprise v6

Tasks