General

  • Target

    Technical-Data-Sheet.js

  • Size

    11KB

  • Sample

    220829-mdncjaffeq

  • MD5

    d580d0253aa58d7c766a3a3025db41f0

  • SHA1

    d40589a5575e612775730c73f103173c546bfc31

  • SHA256

    c228fbfe16aa9d35c0142bf6feca40e6457492109be0c2a4508f130ad23d70dd

  • SHA512

    89b3aa52a09ab0c29b55cb2af451f584ff2923fe07384159bea2d9590cb228ae739bc77c88a0072f19912289a1fcb55bdd901975fb61e06a4507a6e079d053ce

  • SSDEEP

    192:MSHX78Tu0Z6/s9ZgckVqpyuD5dnvKNnlqxLEPAgYgGu7W+1RPPouYJK0z+2SwIl6:rHr83A4On1CranlAqB3/BY5a2SwQQKRw

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://redxfeli.zapto.org:7974

Targets

    • Target

      Technical-Data-Sheet.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v6

Tasks