General

  • Target

    4ee050de95152e2c19c6cb90e2022199.js

  • Size

    11KB

  • Sample

    220831-jlzhzscfd9

  • MD5

    29b6e1f018ae6b6d2971f1a947006ab3

  • SHA1

    2887ef3a00d9fb65bffb4870625950cc1e522f1b

  • SHA256

    75c289048f2987d0147952b35842473cda0ec23c7eac7e6fd461042d0adf3bd4

  • SHA512

    ea9608fd939a68bd3ff85bcd00987d31956fff1e773553ba310a4504c1753cfe0ac27567918bfcc26f50519a97ef0d96edd4e7a3ce930cf9897289fa823fb4d6

  • SSDEEP

    192:MSHX72nA0b5PCIm11uw6FgnG0hjNNjmNGR45cLwEeavU3gzFuy32SwIlQKRKRQDG:rHr2RPAMZzU54flvavUwhuy32SwQQKRw

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Target

      4ee050de95152e2c19c6cb90e2022199.js

    Score
    10/10

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks