General

  • Target

    2223.js

  • Size

    6KB

  • Sample

    220827-hs782afebq

  • MD5

    d09cec49b70a776f6ed972f904b39570

  • SHA1

    f7a6813065ef763f5c8c92dcb65142890dda055f

  • SHA256

    4b09d91f18b690f6b86e7d05a23d2afa196ba081986dd7db68026877f1cd47a7

  • SHA512

    66ea1db6af5226ef7cb1818b6419bad95b40bd9c7f82ee3ef965769e41c2444671d961cd2c79b67e4edd70e5dcf11e2271301b2f7487998e6bf6ffaebaceb93f

  • SSDEEP

    96:vUZJycmh3mVZjXBdFBiU6qHzrgJ4x2SVdVEs1rYCzrX9yt6f3bjEXweKuW71:vSJBmh3mVZzBdiU54JjSvwkynNKuA

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks