General

  • Target

    6bb91325ed23a3572bbca3737d095899.js

  • Size

    12KB

  • Sample

    220831-wzcbtsbge4

  • MD5

    5e50d7eed8b0d49867af9c2b3cf4454d

  • SHA1

    29b8db0f9d6d9c73efcd0fe5a8d1256858439383

  • SHA256

    0662817ec5b53423f0381aaabc766361c981278004cdf2bec2fb07bf4896cce8

  • SHA512

    50bb5566015d2ddec836bb624a9393623ea19fc335bbf5beb9592feedb59be9a959644c0b76f870865be67e0461a898f89009fa4bf0a24596d0036de84a2fa66

  • SSDEEP

    384:rHrA8+OA9t1Xr6HHbsPpqy9J2SwQQKRKRQDTMJ:rHrFkESzzwQ0QDTMJ

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Target

      6bb91325ed23a3572bbca3737d095899.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript. The extracted config above gives the command-and-control endpoint this sample reports to.

    • Blocklisted process makes network request

      A process the sandbox blocklists for outbound traffic made a network request. For a .js sample this is normally the Windows Script Host (wscript.exe), and a script host calling out to a bare IP on a high port is a common sign of a script-based dropper contacting its C2.

    • Checks computer location settings

      Reads the country code configured in the registry (the locale settings under Control Panel\International), likely a geofence so the malware stays dormant in certain regions.

    • Drops startup file

      Writes a file into a Startup folder so that it is executed again at each logon (persistence).
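
The indicators in this report (the four file hashes, the C2 host:port, and the two behaviours of a script host calling out and dropping into a Startup folder) can be checked with a small script. The following is an added example, not part of the sandbox output; the hashes and C2 are copied from the report, while the log lines, the process-event schema and the sample events are constructed for illustration and are not from the page.

```python
"""IOC checker for the vjw0rm sample described in this report.

Added example, not sandbox output. Hashes and C2 come from the report;
log lines, event schema and events below are constructed.
"""
import hashlib
import re
from typing import Iterable

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "5e50d7eed8b0d49867af9c2b3cf4454d",
    "sha1": "29b8db0f9d6d9c73efcd0fe5a8d1256858439383",
    "sha256": "0662817ec5b53423f0381aaabc766361c981278004cdf2bec2fb07bf4896cce8",
    "sha512": "50bb5566015d2ddec836bb624a9393623ea19fc335bbf5beb9592feedb59be9a"
              "959644c0b76f870865be67e0461a898f89009fa4bf0a24596d0036de84a2fa66",
}
C2_HOST = "185.157.162.75"
C2_PORT = 2223

# Script hosts that run a .js dropper (assumption: the "blocklisted process"
# signature covers the Windows Script Host binaries).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def hash_bytes(data: bytes) -> dict:
    """Return the same digest set the report lists (md5/sha1/sha256/sha512)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the reported sample on every algorithm."""
    return hash_bytes(data) == SAMPLE_HASHES


def hash_file(path: str) -> dict:
    """Hash a file on disk for comparison against SAMPLE_HASHES."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


# Matches the C2 as host:port, either bare or inside a URL.
_C2_RE = re.compile(rf"\b{re.escape(C2_HOST)}:{C2_PORT}\b")


def scan_network_log(lines: Iterable[str]) -> list:
    """Return the log lines that contact the reported C2 host:port."""
    return [ln for ln in lines if _C2_RE.search(ln)]


def is_startup_path(path: str) -> bool:
    """Match the per-user or all-users Startup folder ('Drops startup file')."""
    p = path.replace("/", "\\").lower()
    return "\\start menu\\programs\\startup\\" in p


def suspicious_process_events(events: Iterable[dict]) -> list:
    """Flag script hosts that reach the C2 or write into a Startup folder.

    Event schema (an assumption, loosely modelled on Sysmon fields):
    'image' (full process path), 'type' ('network' or 'file_write'),
    and 'dest' (host:port) or 'path' (file written).
    """
    hits = []
    for ev in events:
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if image not in SCRIPT_HOSTS:
            continue
        if ev.get("type") == "network" and ev.get("dest") == f"{C2_HOST}:{C2_PORT}":
            hits.append(("c2_connection", ev))
        elif ev.get("type") == "file_write" and is_startup_path(ev.get("path", "")):
            hits.append(("startup_drop", ev))
    return hits


# Constructed sample data (not from the report).
SAMPLE_LOG = [
    "2022-08-31T10:01:02Z proxy allow 10.0.0.5 -> http://185.157.162.75:2223/ GET",
    "2022-08-31T10:01:05Z proxy allow 10.0.0.5 -> https://update.example.com:443/ GET",
    "2022-08-31T10:01:09Z fw allow tcp 10.0.0.5:50211 -> 185.157.162.75:2223",
]
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe", "type": "network",
     "dest": "185.157.162.75:2223"},
    {"image": r"C:\Windows\System32\wscript.exe", "type": "file_write",
     "path": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6bb91325ed23a3572bbca3737d095899.js"},
    {"image": r"C:\Windows\explorer.exe", "type": "file_write",
     "path": r"C:\Users\bob\Desktop\notes.txt"},
]

if __name__ == "__main__":
    for line in scan_network_log(SAMPLE_LOG):
        print("C2 traffic:", line)
    for kind, ev in suspicious_process_events(SAMPLE_EVENTS):
        print(kind, ev["image"])
```

The hash comparison is exact on all four algorithms, so a recompiled or re-obfuscated variant of the dropper will not match; the network and process checks are what catch those, since the C2 endpoint and the startup-folder drop survive trivial changes to the script body.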

MITRE ATT&CK Enterprise v6

Tasks