General

  • Target

    5659D489BBA4BD87060B5AB0B852B850EDB7B2DE191A9B6679FFCD42C4C0087C.zip

  • Size

    21KB

  • Sample

    220901-y8kqnscge6

  • MD5

    4f2ac2116d2b4c29051dccf5032a1703

  • SHA1

    daed29f4a56c47c193ca27fb2581e34a854bb237

  • SHA256

    7d20b3dce2698def0bc7737c39b1ea0b6f4b89a777e66250f432f49260f4a7bc

  • SHA512

    0125945eeb102293fb12b46802b21badfe3f24012ba2d5933763c5341af38243d86f9faff2590792666f3ecd272f77ff5cad9dc33e8dfcb1f4611c3d0690a844

  • SSDEEP

    384:560AQe8zurYAVWwN/bfbUHu440O+qlbVCMf/iSUJS7bYPqtRSwxIJ7kzI2/baPe:VAym3VjhbUpO+CEMf/TUx6xugc2/uW

Targets

    • Target

      5659D489BBA4BD87060B5AB0B852B850EDB7B2DE191A9B6679FFCD42C4C0087C.js

    • Size

      70KB

    • MD5

      bbfadcb3da4438fdd85da57413c04a06

    • SHA1

      ddfd8c316ef9a87533d04cb697d5e4b438320132

    • SHA256

      5659d489bba4bd87060b5ab0b852b850edb7b2de191a9b6679ffcd42c4c0087c

    • SHA512

      5e2f2c9de643446897e42c8fc7fad654b7f9fc7ac1cd8588754569c2f0e6840f7ef902e01e7e13a57c3eda4c352a88d76858ff0eb4596685b761eaee9b6e3ad8

    • SSDEEP

      768:AjXGlfwU5XGhnGYxf5vq4htgZTQf7WnwIIfmTGlSYjOiS7MUnKoRjAMOnIWGyNU2:d7OOalSYjO8U89NU7V8h+oxK5PescJ

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Adds Run key to start application
