General

  • Target

    Blocked_Mtcn_pdf.jar

  • Size

    744KB

  • Sample

    220811-kgf2hsfcg7

  • MD5

    0981f372b79a6cb066b549f77222ed99

  • SHA1

    656b499793e15d10ff2f5c390fe68b0936747bf4

  • SHA256

    6461adafdbd61960915775dea557e0e90befe75f1dd4e5f46517912438b16ce1

  • SHA512

    73c0850ac7d1a7f8570be952638ab1e602a46ad110ea74a2fc9a225b1e4ff9c5bfad03b9a669bfc7fedcd94ffc69851859fa96812fe85ec850b77f5c145ce5cd

Score
10/10

Targets

    • Target

      Blocked_Mtcn_pdf.jar

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file
