General

  • Target

    ORDEN DE COMPRA______.PDF.js

  • Size

    10KB

  • Sample

    220831-rvpn5sfeem

  • MD5

    c1d48bb06fa38384c73fb96e9d5b8429

  • SHA1

    aa0777aa90cdcb8b64bff83bddfe0b00cc42a912

  • SHA256

    3651c64ef411003b59b89f2938012c817de679655da815f50b76ecc4b7463d0f

  • SHA512

    2f9f07d65fda51fc24f98c5255eb44cb9dba9b56accb01054c62845165680b1d85896dff37321e6f135e4f36fd0720a2e24e240809ac5be1e0e6bf0dd957d4e0

  • SSDEEP

    192:LXAvRAB5ikkOAPsHtJ9jnJ8M66PMLmbDnKaHKHRohMuEsQWYPTUhhuAV:LXGki/CHNPMLhzxiMDhPTUhgAV

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://80.76.51.88:4780

Targets

    • Target

      ORDEN DE COMPRA______.PDF.js

    Score
    10/10

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript (JScript executed by the Windows Script Host); the ".PDF.js" double extension on this sample hides the script extension behind a decoy document name.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence so the payload only runs in targeted regions.

    • Drops startup file
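The indicators above (file hashes, the C2 address and the double-extension lure name) turned into a small IOC matcher, as an added example that is not part of this sandbox report. The proxy log format, the internal IP addresses and the benign URL are constructed for illustration; only the hashes, the lure filename and the C2 host:port come from the report.

```python
"""IOC matcher built from the vjw0rm report above (added example, not the report's own tooling).

Assumptions (constructed, not from the report): the proxy log layout
"<timestamp> <src_ip> <method> <url> <status>", the 10.0.0.x client addresses
and the example.com request are illustrative sample data.
"""
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# Indicators taken from the report.
IOC_HASHES = {
    "md5": "c1d48bb06fa38384c73fb96e9d5b8429",
    "sha1": "aa0777aa90cdcb8b64bff83bddfe0b00cc42a912",
    "sha256": "3651c64ef411003b59b89f2938012c817de679655da815f50b76ecc4b7463d0f",
}
C2_HOST, C2_PORT = "80.76.51.88", 4780  # from C2 http://80.76.51.88:4780

# Extensions the Windows Script Host runs on double-click, and the decoy
# document extensions a lure such as "ORDEN DE COMPRA______.PDF.js" hides behind.
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}

# Constructed proxy log lines for the demonstration (not real traffic).
SAMPLE_PROXY_LOG = """\
2022-08-31T10:15:01Z 10.0.0.17 GET http://example.com/ 200
2022-08-31T10:15:07Z 10.0.0.42 POST http://80.76.51.88:4780/ 200
2022-08-31T10:15:09Z 10.0.0.42 GET http://80.76.51.88/ 404
2022-08-31T10:16:30Z 10.0.0.42 POST http://80.76.51.88:4780/ 200
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_iocs(digests: dict) -> bool:
    """True if any supplied digest equals the corresponding hash from the report."""
    return any(digests.get(algo) == value for algo, value in IOC_HASHES.items())


def scan_file(path: str) -> bool:
    """Hash a file on disk and compare it against the report's hashes."""
    return matches_iocs(hash_bytes(Path(path).read_bytes()))


def is_double_extension_lure(filename: str) -> bool:
    """Flag names like 'X.PDF.js': a decoy document extension directly before a script extension."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXT and suffixes[-2] in DECOY_EXT


def url_hits_c2(url: str) -> bool:
    """Match on host AND port; the same IP on port 80 is not the configured C2 endpoint."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname == C2_HOST and port == C2_PORT


def find_c2_beacons(log_text: str) -> list:
    """Return (timestamp, source_ip) for every proxy log line that reached the C2."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m and url_hits_c2(m["url"]):
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    print("lure name flagged:", is_double_extension_lure("ORDEN DE COMPRA______.PDF.js"))
    for ts, src in find_c2_beacons(SAMPLE_PROXY_LOG):
        print(f"C2 beacon from {src} at {ts}")
```

Matching on host and port together matters here: the extracted config pins the C2 to port 4780, so a hit on 80.76.51.88:80 would be a different service on the same address and deserves separate triage rather than an automatic vjw0rm verdict. The double-extension check is generic on purpose, since the same lure pattern is reused across campaigns with different hashes.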

MITRE ATT&CK Enterprise v6

Tasks