General

  • Target

    Commercial Invoice73882289039392.js

  • Size

    12KB

  • Sample

    220830-qjc1jahdbr

  • MD5

    81a272a9c9ecebbf3c3643bb4a2588ee

  • SHA1

    46585dd077b49699219e858d0fa097223e0ec5c3

  • SHA256

    4343ef1afa7a7c1c97abac3933a2b1735676ae056f03b77122a8fc48ef66487b

  • SHA512

    fb849747a928e34d49c8a365ce6a9fb6532ec56a77358eff36c7fddab8179b8bc2882040751f481778e7b239d3234e931edde036118598af7717cbee9a78a654

  • SSDEEP

    384:rHr2BqY7/BdprTTLfIOGOTrO2SwQQKRKRQDTMJ:rHr2L3dTrOzwQ0QDTMJ

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://nanyblocks.hopto.org:4780

Targets

    • Target

      Commercial Invoice73882289039392.js

    Score
    10/10

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

MITRE ATT&CK Enterprise v6
