General

  • Target

    doc-4747890938378383-8837737327337278.js

  • Size

    18KB

  • Sample

    220902-rkj1xaheh3

  • MD5

    b783b82cc239eaf339c173490582cdc7

  • SHA1

    e1898e0b98e81a5ec225281ad5ce8177348b750c

  • SHA256

    13f1910bd8435cca761e58e628fbac3bbd6d96d6a734aa990c0369904ecb5895

  • SHA512

    d7c8c2014d2b3ec6c54fe3cfbdfe9113e052d485946763e214da4fee1478bf9b7654fe8b503fe3259cab5bce91cbaa3cc925f4c0b37d8d8aa52d4e91fb83ee38

  • SSDEEP

    192:hJK8Gqo3ljE4KzxF47xE67QeTZMac/mCfLbCbmGW2J5dFQWNMDSn8FggHqNJE2Ej:h5E5TcF6ZXlijXtQrX9plNJEIAwCH8m

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://80.76.51.88:4780

Targets

    • Target

      doc-4747890938378383-8837737327337278.js

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Drops startup file
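
The indicators in this report (the file hashes, the extracted C2 and the dropped startup file) can be turned into a quick host and network check. The following Python is an added example, not code from the report or from the Vjw0rm sample: the hashes and the C2 address are copied from the report; the log record format, the sample log lines, the per-user Startup folder path and the list of script extensions are assumptions made for the demonstration.

```python
"""Turn the indicators in this report into host and network checks.

Added example, not part of the Triage report: the hashes and C2 below are
copied from the report; the sample log lines, directory layout and file
contents are constructed for the demonstration.
"""
import hashlib
import os
import re
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# File hashes copied from the report (SSDEEP omitted: it needs the ssdeep library).
REPORT_HASHES: Dict[str, str] = {
    "md5": "b783b82cc239eaf339c173490582cdc7",
    "sha1": "e1898e0b98e81a5ec225281ad5ce8177348b750c",
    "sha256": "13f1910bd8435cca761e58e628fbac3bbd6d96d6a734aa990c0369904ecb5895",
    "sha512": "d7c8c2014d2b3ec6c54fe3cfbdfe9113e052d485946763e214da4fee1478bf9b"
              "7654fe8b503fe3259cab5bce91cbaa3cc925f4c0b37d8d8aa52d4e91fb83ee38",
}
# Extracted C2 from the report's Malware Config section.
C2_HOST, C2_PORT = "80.76.51.88", 4780

# Script extensions a JavaScript RAT dropped into Startup would plausibly use (assumption).
SCRIPT_SUFFIXES = {".js", ".jse", ".vbs", ".wsf"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_hits(data: bytes, indicators: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Algorithms whose digest of `data` equals the indicator; one hit already identifies the sample."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in indicators.items() if digests[alg] == value.lower())


def scan_startup(directory: Path, indicators: Dict[str, str] = REPORT_HASHES) -> Tuple[List[Path], List[Path]]:
    """Look for the dropped startup file.

    Returns (exact, review): files whose hash matches the report, and other
    script files in the folder that deserve a look, because a rebuilt sample
    will not hash-match.
    """
    exact, review = [], []
    for path in sorted(p for p in directory.iterdir() if p.is_file()):
        if hash_hits(path.read_bytes(), indicators):
            exact.append(path)
        elif path.suffix.lower() in SCRIPT_SUFFIXES:
            review.append(path)
    return exact, review


def user_startup_dir() -> Path:
    """Per-user Startup folder on Windows (standard location; the report does not name the path)."""
    return Path(os.environ.get("APPDATA", "")) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup"


# Generic "src:port -> dst:port" connection record; adapt the regex to your firewall/proxy format.
CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def c2_sources(log_lines: Iterable[str], host: str = C2_HOST, port: int = C2_PORT, any_port: bool = False) -> List[str]:
    """Internal source addresses that connected to the C2, in log order.

    With any_port=True every connection to the C2 host is returned, since a RAT
    operator can move the listener port without changing the address.
    """
    sources = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m["dst"] == host and (any_port or int(m["dport"]) == port):
            sources.append(m["src"])
    return sources


# Constructed firewall log lines for the demonstration (not from the report).
SAMPLE_LOG = """\
2022-09-02T10:01:12Z ALLOW TCP 10.0.0.15:51234 -> 93.184.216.34:443
2022-09-02T10:01:19Z ALLOW TCP 10.0.0.15:51240 -> 80.76.51.88:4780
2022-09-02T10:02:03Z ALLOW TCP 10.0.0.22:49812 -> 80.76.51.88:443
2022-09-02T10:02:44Z DENY  TCP 10.0.0.15:51301 -> 80.76.51.88:4780
""".splitlines()


if __name__ == "__main__":
    print("C2 talkers (report port):", c2_sources(SAMPLE_LOG))
    print("C2 talkers (any port):  ", c2_sources(SAMPLE_LOG, any_port=True))
    startup = user_startup_dir()
    if startup.is_dir():
        exact, review = scan_startup(startup)
        print("hash matches:", exact)
        print("scripts to review:", review)
```

Run it on a suspect endpoint to check the per-user Startup folder, and feed it firewall or proxy records in `src:port -> dst:port` form (or adjust `CONN_RE`). A hash match is conclusive but brittle: a re-obfuscated build of the same script will not match any of the four digests, which is why the scan also lists other script files in Startup for review and why connections to the C2 address on any port are worth a look.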
