General

  • Target

    HZffcLxJaQ_Tadexax2223.js

  • Size

    6KB

  • Sample

    220827-slc5escdgm

  • MD5

    07450b663165ff09ff1b5c7484612cb3

  • SHA1

    a5f38e9e7591400df6b60d5b836e5df474162590

  • SHA256

    df92400c7aef8c073404ea0f079da19b3ddde79422e4290356b85471d50655a7

  • SHA512

    6e0954ad5b35139d02bffb2e0076cbd75c76444529a334fe6971a939ed9f36b0361ba1ecdba4c30c80e3a0b6b9df2f3e9728523ecdf3ab7e53637979ad43b901

  • SSDEEP

    96:vzAJyxsV627pkjWgdFBlC6nHrSJeoSVdCF1rYCrY9U1m43wi4C4ywkZlxv71:vUJY46272igFos+JFSv1JaDZlv

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

MITRE ATT&CK Enterprise v6