General

  • Target

    10a86d35c293af03e5b49be9a552e3a3.js

  • Size

    17KB

  • Sample

    220902-rkj1xaheh2

  • MD5

    1152bda96ff9a2cf8961f7f2fbb71eab

  • SHA1

    d2c95d37ae4780bcdece750d01bde6f4f6ff6c47

  • SHA256

    e9d5c6e7b46745e9f6bc28240dcfc33e192132e426cb2711b858f78d7cf51463

  • SHA512

    57cb63f9f9bcdab46d4ecf601f24a0a0485d74b76e7bdd2013f7b0a3e32fd767e1e0dbcb64f4cbed3ae4dce2d091f417d4a9304ca6fde2152940a3de462f9f87

  • SSDEEP

    192:hJK8Gqo3ljE4KbLpB4e72eThAacp7wdlsCXQe20yaNamNDRlmTLl3AevD17zCuPl:h5E5TEbNl9OwsULP5a13ZvDpOuPu28m

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:2223

Targets

    • Target

      10a86d35c293af03e5b49be9a552e3a3.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file
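Added example, not part of the sandbox report: a small hunting script that turns the indicators above into checks run over log lines. The C2 address, the sample name and the hashes are copied from the report; everything else is an assumption of mine: that the .js payload runs under the Windows Script Host (so wscript.exe/cscript.exe are the "blocklisted" processes, with mshta.exe added as a common alternative launcher), the Startup-folder path used for the "drops startup file" check, and the Sysmon-style log lines, which are constructed rather than taken from the run. The registry lookup behind "Checks computer location settings" is a read, which Sysmon does not record, so that behaviour stays a sandbox-only signal here.

```python
"""Hunt for the vjw0rm indicators in this report over constructed log lines.

IOCs (C2, sample name, hashes) are copied from the report; the log lines and
the script-host/startup-folder assumptions are the example's own.
"""
import hashlib
import ntpath
import re

# Indicators taken from the report above.
C2_HOST, C2_PORT = "185.157.162.75", "2223"
SAMPLE_NAME = "10a86d35c293af03e5b49be9a552e3a3.js"
SAMPLE_HASHES = {
    "md5": "1152bda96ff9a2cf8961f7f2fbb71eab",
    "sha1": "d2c95d37ae4780bcdece750d01bde6f4f6ff6c47",
    "sha256": "e9d5c6e7b46745e9f6bc28240dcfc33e192132e426cb2711b858f78d7cf51463",
}

# Assumption: a .js dropper runs under the Windows Script Host, so these are
# the interpreters whose outbound connections should be flagged. mshta.exe is
# included as a common alternative launcher, not because the report names it.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
STARTUP_DIR = "\\start menu\\programs\\startup\\"  # per-user Startup folder

# Constructed Sysmon-style records (EventID 3 = network connection,
# EventID 11 = file create).  Not taken from the sandbox run.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Windows\\System32\\wscript.exe "
    "DestinationIp=185.157.162.75 DestinationPort=2223",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=93.184.216.34 DestinationPort=443",
    "EventID=11 Image=C:\\Windows\\System32\\wscript.exe "
    "TargetFilename=C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\"
    "Start Menu\\Programs\\Startup\\" + SAMPLE_NAME,
    "EventID=3 Image=C:\\Windows\\System32\\wscript.exe "
    "DestinationIp=185.157.162.75 DestinationPort=80",
]

# Key=Value pairs; a value runs until the next " Key=" so it may contain spaces.
_KV = re.compile(r"(\w+)=((?:(?! \w+=).)*)")


def parse_event(line: str) -> dict:
    """Split a 'Key=Value Key=Value' record into a dict."""
    return dict(_KV.findall(line))


def c2_contact(ev: dict) -> bool:
    """Exact match on the C2 host and port extracted by the sandbox."""
    return (ev.get("EventID") == "3"
            and ev.get("DestinationIp") == C2_HOST
            and ev.get("DestinationPort") == C2_PORT)


def script_host_egress(ev: dict) -> bool:
    """Any network connection from a script interpreter (the report's
    'blocklisted process makes network request' signature, generalised)."""
    image = ntpath.basename(ev.get("Image", "")).lower()
    return ev.get("EventID") == "3" and image in SCRIPT_HOSTS


def startup_script_drop(ev: dict) -> bool:
    """A script file written into the Startup folder ('drops startup file')."""
    target = ev.get("TargetFilename", "").lower()
    return (ev.get("EventID") == "11"
            and STARTUP_DIR in target
            and target.endswith(SCRIPT_EXTS))


RULES = {
    "c2_contact": c2_contact,
    "blocklisted_process_network": script_host_egress,
    "drops_startup_file": startup_script_drop,
}


def hunt(lines) -> list:
    """Return (line_index, rule_name) for every rule that fires on a line."""
    hits = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        hits.extend((i, name) for name, rule in RULES.items() if rule(ev))
    return hits


def is_known_sample(data: bytes) -> bool:
    """True if the bytes hash to any value in the report (exact match only;
    near-variants would need the report's ssdeep hash and a fuzzy compare)."""
    return any(hashlib.new(alg, data).hexdigest() == h
               for alg, h in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Keeping both network rules is deliberate: the exact C2 rule is the high-confidence match, but the fourth constructed event (same host, port 80) shows why the broader script-host egress rule is also worth running, since the C2 port in the extracted config can change between builds while the interpreter doing the talking does not.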

MITRE ATT&CK Enterprise v6

Tasks