General

  • Target

    JUZGADO SEGUNDO PROMISUCO MUNICIPAL 4545664-55525985-65444586.pdf.js

  • Size

    70KB

  • Sample

    220901-rpqz1segep

  • MD5

    bbfadcb3da4438fdd85da57413c04a06

  • SHA1

    ddfd8c316ef9a87533d04cb697d5e4b438320132

  • SHA256

    5659d489bba4bd87060b5ab0b852b850edb7b2de191a9b6679ffcd42c4c0087c

  • SHA512

    5e2f2c9de643446897e42c8fc7fad654b7f9fc7ac1cd8588754569c2f0e6840f7ef902e01e7e13a57c3eda4c352a88d76858ff0eb4596685b761eaee9b6e3ad8

  • SSDEEP

    768:AjXGlfwU5XGhnGYxf5vq4htgZTQf7WnwIIfmTGlSYjOiS7MUnKoRjAMOnIWGyNU2:d7OOalSYjO8U89NU7V8h+oxK5PescJ

Malware Config

Extracted

Family

vjw0rm

C2

http://194.5.98.48:4459

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6