General

  • Target

    POAUG29.js

  • Size

    11KB

  • Sample

    220829-ndpe9shfc3

  • MD5

    0b5aacc1ccd2f9d5156ef0cbb29c3e4e

  • SHA1

    07ddd944441342bc291ec3aedbdb0363a7b20f5c

  • SHA256

    2f320ac0d8f435a328e394c7b895bad0e3a86f94dc3c492ffd2fc680a2d8eca2

  • SHA512

    8a8e41db25638e8ef8cfa9401e1b71b21b20d01800aade03680a67fd18518f74c19f14d70fb3a4a034456a5cb815446bbf6fdaf90a6f3ec0e94f72cf64b04593

  • SSDEEP

    192:MSHX72nk70b5PCcm11uqn6FgnG0hl/NMmNIRW/IFAHsKnAiRA2d+KSg2SwIlQKRw:rHr27bAMzzUVDlAA1AKAdKSg2SwQQKRw

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://favour123.duckdns.org:1978

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks