General

  • Target

    eReceipt006.js

  • Size

    6KB

  • Sample

    220901-mh78haece9

  • MD5

    50a3c831c1edab5db5cef251c0f3f2a5

  • SHA1

    6f0f8a96017138c67db8f7ae5a59bd3473b2662a

  • SHA256

    eba955d84fefb31a29d8b7751edca895db13ebbafb8ebe73b84d402eb7562a6a

  • SHA512

    9f941a9419b9796a0472c56a22e85a0caa4aba496a168a3b89860acde0d554e75e1b93f737fbd22015385a8fb277283e7ed0da24dc09a19a7922336af3d565e9

  • SSDEEP

    192:1w0dXeB0rvDw2WkDR51R5nUipLc5Tt70g1b4Mn+ggmyI/Do:PXMTLgD1R5UiITtJKM+Ko

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks