General

  • Target

    6b4867e44bbf1e541c6adceacc336fa9.js

  • Size

    11KB

  • Sample

    220901-r5ab7sfafl

  • MD5

    ecc010e3891a10b483072242e09797ba

  • SHA1

    e7c711d77718c65640033db9b5887e80d073d80b

  • SHA256

    9b8749981b6edc00313459a909eb91377f42580f17fe1831fc994f2dbb8e9ce7

  • SHA512

    c7e1a697bbe457783acfc79da5128008563c64f75ca8027cab33191ac58cdd747f01a94ce0875cf0cf66fae7f1c5397cbc7948b040eba59b6493d057c5ec9554

  • SSDEEP

    192:MSHX72nN0b5PCi3m11uL6FgnG0hu+NVmN3RJizLVv9v9/ziulg2SwIlQKRKRQDgh:rHr2mvAMmzUTKKlv9vpmulg2SwQQKRKt

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223
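As an added example (not part of the sandbox report and not vjw0rm's own code), the following Python helper turns the indicators above into checks a responder can run: it hashes a suspect file with the four algorithms the report lists, compares the digests against the report's values, and scans proxy or firewall log lines for connections to the extracted C2 host and port. The log lines and the stand-in script bytes in the block are constructed for illustration; the two log formats it parses (`host:port` tokens and `dst=… dport=…` field pairs) are assumptions, not formats the report describes.

```python
import hashlib
import os
import re
from urllib.parse import urlsplit

# Indicators copied from the report: file hashes of the sample and the
# vjw0rm C2 URL extracted from its configuration.
REPORT_IOCS = {
    "md5": "ecc010e3891a10b483072242e09797ba",
    "sha1": "e7c711d77718c65640033db9b5887e80d073d80b",
    "sha256": "9b8749981b6edc00313459a909eb91377f42580f17fe1831fc994f2dbb8e9ce7",
    "sha512": (
        "c7e1a697bbe457783acfc79da5128008563c64f75ca8027cab33191ac58cdd74"
        "7f01a94ce0875cf0cf66fae7f1c5397cbc7948b040eba59b6493d057c5ec9554"
    ),
}
C2_URL = "http://185.157.162.75:2223"


def hash_bytes(data: bytes) -> dict:
    """Hex digests of in-memory data for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so large files are fine."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matched_algorithms(digests: dict, iocs: dict = REPORT_IOCS) -> set:
    """Names of the report hashes that the supplied digests equal (case-insensitive).

    An empty set means the file is not this exact sample; a partial set would
    point to a mis-copied hash value rather than a different file."""
    return {alg for alg, want in iocs.items()
            if digests.get(alg, "").lower() == want.lower()}


def scan_directory(directory: str) -> dict:
    """Map each regular file under `directory` (recursively) to the set of report
    hashes it matches; only files with at least one match are returned."""
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            matched = matched_algorithms(hash_file(path))
            if matched:
                hits[path] = matched
    return hits


def c2_host_port(url: str = C2_URL) -> tuple:
    """Split the C2 URL into (host, port), defaulting the port from the scheme."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def find_c2_hits(log_lines, url: str = C2_URL) -> list:
    """Indices of log lines that record a connection to the C2 host on the C2 port.

    Two assumed line shapes are recognised: a 'host:port' token (proxy CONNECT or
    URL style) and separate 'dst=<host>' and 'dport=<port>' fields (firewall style).
    Host and port must match exactly, so 185.157.162.750 or port 22230 do not count."""
    host, port = c2_host_port(url)
    h = re.escape(host)
    token_re = re.compile(rf"(?<![\w.]){h}:{port}(?![\d])")
    kv_re = re.compile(rf"\bdst={h}(?![\w.]).*\bdport={port}\b")
    return [i for i, line in enumerate(log_lines)
            if token_re.search(line) or kv_re.search(line)]


# Constructed log lines for illustration (not from the report): lines 0 and 2
# record the C2 host on the C2 port, the others share only the host or only the port.
SAMPLE_LOG = [
    "2022-09-01T12:00:01Z proxy CONNECT 185.157.162.75:2223 user=alice",
    "2022-09-01T12:00:02Z proxy GET http://185.157.162.75:80/ user=alice",
    "2022-09-01T12:00:03Z fw dst=185.157.162.75 dport=2223 action=allow",
    "2022-09-01T12:00:04Z fw dst=10.0.0.5 dport=2223 action=allow",
    "2022-09-01T12:00:05Z proxy GET http://185.157.162.750:22230/ user=bob",
]


if __name__ == "__main__":
    print("C2 host/port:", c2_host_port())
    print("log lines hitting the C2:", find_c2_hits(SAMPLE_LOG))
    # A constructed stand-in script body: its hashes differ from the sample, so no match.
    stand_in = b"WScript.Echo('benign stand-in, not the sample');"
    print("stand-in matches:", matched_algorithms(hash_bytes(stand_in)))
```

Point `scan_directory` at a quarantine folder or a copy of a user's Startup directory to confirm whether a recovered .js file is this exact sample; a file that matches none of the four hashes may still be a repacked vjw0rm build, so treat a miss as "not this sample" rather than "clean".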

Targets

    • Target

      6b4867e44bbf1e541c6adceacc336fa9.js

    • Vjw0rm

      Vjw0rm is a remote access trojan (RAT) written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks