General

  • Target

    Conocimiento de Embarque y Factura Comercial..js

  • Size

    12KB

  • Sample

    220830-t2hkhsbfcr

  • MD5

    ea06f2c0704d27d3b063fa0440f08830

  • SHA1

    ceb4f69d49e53ccab4edf7ce58734e499de1f2a1

  • SHA256

    b980a33e19f4f99930c3f0bcaec5074dfb15a665192ee8816b2dcce270018851

  • SHA512

    ea468f2eaf6a528a796536763a892359a5151740ad4d43d43905d5a96424929340f1cf16d4d2f3342b4f78e0a53f330b11197fa344c4c74dc91175d97dd42731

  • SSDEEP

    384:rHrDck+ZF9Fymrb5NYmNBeqj3ieUzYhg2SwQQKRKRQDTMJ:rHr+Rq+j3l7hgzwQ0QDTMJ

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://80.76.51.88:4780

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks