General

  • Target

    PO-DN000379490.js

  • Size

    11KB

  • Sample

    220830-e79tmabgfj

  • MD5

    3b6757f7479a3abb443017e949594fc4

  • SHA1

    19fd933953ad9595f265e3a0496be80d124a443a

  • SHA256

    ff0a094fcf2a8190c359f54bb9dcb7175f864a4ef4d5a59a7bae6f2cfa6ba480

  • SHA512

    6f53f70119a6d703703ceac1aca86e6b4433979096b0fa7933c01ddfba71666eb38959e4541697d06764743af51a18aa5018c424fa036d40ae9741e106a746cd

  • SSDEEP

    192:MSHX72nO0b5PCnm11uK6FgnG0hxrNcmNcRSjA4UlAJLSvCYT32SwIlQKRKRQDg86:rHr2b8AM/zUxHhBnJLSvCYL2SwQQKRKt

Malware Config

Extracted

  • Family

    vjw0rm

  • C2

    http://ziggynas10.ddns.net:9746

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks