General

  • Target

    9f303018e09204b8dfd6527ef5174978.js

  • Size

    11KB

  • Sample

    220830-wfd2bacdgl

  • MD5

    115c28eac95195cf2b450926f48c130e

  • SHA1

    26a5571459de786bb24d985579276fc6863ae627

  • SHA256

    e4b39a1c5610c394d850e7c7051339a7ac59640c8b32647707450ceb23d0c2fb

  • SHA512

    568f77b91cf94988a97bae11bf01ebf6142bcec8d1be1262de1ddc3fd242ac110e945230302ecd6841cb0eb45b2ae1509f6032876e9ffc2e89b7e342dd4410cb

  • SSDEEP

    192:MSHX72nm0b5PC9m11uK6FgnG0h9jN+mNgRqr+LuvnhivqezPu62SwIlQKRKRQDgh:rHr2DaAM/zUdZZtnEvhju62SwQQKRKR/

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Target

      9f303018e09204b8dfd6527ef5174978.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file
