General

  • Target

    bonfico06-09.jar

  • Size

    77KB

  • Sample

    220907-l3x3laghep

  • MD5

    fba34b9b616efd1ebed5ca179fdf8f1f

  • SHA1

    e96134d69027c22948acedfc5740eadada22d0c7

  • SHA256

    7a7ec9dc94013fe93d8ab1f25f24d27e53dea475172eac8ad72dc34adb19f0f1

  • SHA512

    fc5cedd5132e6be11c56be0260bee1813efb05f1b8368b34f9fc7496aae9b1d81dd179677a66e37eb02d9281dabe466c8ef59427419f7929a618a9963ecb076b

  • SSDEEP

    1536:3CfShJqRNEnauwuTUY5/Uh1ByBPG+MhfhaNb9kfJLHjdfwBPu3AYs85WN:yfShJ6uNlrBPGRh+bifhgGw985WN
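Before working with a copy of this sample, confirm that what you downloaded is the file the report describes. The following is an added example (not code from the report or from the sandbox vendor) that computes the four cryptographic digests listed above for a file or byte string and compares them with the reported values; the reported hashes are embedded verbatim, and the byte strings used in the check are constructed, not the sample. SSDEEP is deliberately left out because it needs the non-standard `ssdeep` module and is a similarity score, not an identity check.

```python
import hashlib

# Digests exactly as listed in the report for bonfico06-09.jar.
REPORTED_HASHES = {
    "md5": "fba34b9b616efd1ebed5ca179fdf8f1f",
    "sha1": "e96134d69027c22948acedfc5740eadada22d0c7",
    "sha256": "7a7ec9dc94013fe93d8ab1f25f24d27e53dea475172eac8ad72dc34adb19f0f1",
    "sha512": (
        "fc5cedd5132e6be11c56be0260bee1813efb05f1b8368b34f9fc7496aae9b1d8"
        "1dd179677a66e37eb02d9281dabe466c8ef59427419f7929a618a9963ecb076b"
    ),
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest named in REPORTED_HASHES over an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests over a file on disk, streamed so large samples do not
    have to be loaded into memory at once."""
    hashers = {alg: hashlib.new(alg) for alg in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def classify(computed: dict, reported: dict = REPORTED_HASHES):
    """Compare computed digests against the reported ones.

    Returns ("match" | "partial" | "mismatch", per-algorithm results).
    A "partial" result (for example MD5 agrees but SHA256 does not) should
    never be treated as a match: MD5 and SHA1 are collision-prone, so only
    agreement on all digests, SHA256 included, identifies the same file.
    """
    matches = {
        alg: computed.get(alg, "").lower() == reported[alg].lower()
        for alg in reported
    }
    if all(matches.values()):
        return "match", matches
    if any(matches.values()):
        return "partial", matches
    return "mismatch", matches


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-downloaded-file>
    verdict, detail = classify(hash_file(sys.argv[1]))
    print(verdict)
    for alg, ok in detail.items():
        print(f"  {alg:6} {'OK' if ok else 'DIFFERS'}")
```

Run it against the downloaded file; anything other than `match` means you are not looking at the artifact this report analysed, and a `partial` verdict is a reason to stop and investigate rather than to proceed.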

Targets

    • Target

      bonfico06-09.jar

    • Size

      77KB

    • MD5

      fba34b9b616efd1ebed5ca179fdf8f1f

    • SHA1

      e96134d69027c22948acedfc5740eadada22d0c7

    • SHA256

      7a7ec9dc94013fe93d8ab1f25f24d27e53dea475172eac8ad72dc34adb19f0f1

    • SHA512

      fc5cedd5132e6be11c56be0260bee1813efb05f1b8368b34f9fc7496aae9b1d81dd179677a66e37eb02d9281dabe466c8ef59427419f7929a618a9963ecb076b

    • SSDEEP

      1536:3CfShJqRNEnauwuTUY5/Uh1ByBPG+MhfhaNb9kfJLHjdfwBPu3AYs85WN:yfShJ6uNlrBPGRh+bifhgGw985WN

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of commonly abused binaries (script hosts and similar) issued a network request.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution by locale.

    • Drops startup file

      Writes a file into a Startup folder so that it is executed at user logon.

    • Adds Run key to start application

      Adds a value under a Run registry key so that the application is launched at logon.
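The last two signatures describe classic logon persistence, and a responder checking a host for this family wants to triage autorun entries quickly. The following is an added example (not code from the report or the sandbox) that scores entries collected from Run registry values and the per-user Startup folder, flagging those that launch a script host, reference a script or archive payload, or live in user-writable locations. The entries, paths and names in it are constructed for illustration and are not artifacts observed in this sample.

```python
import re
from dataclasses import dataclass

# Constructed autorun entries (not collected from the sample), shaped like
# what a collector would read from HKCU\Software\Microsoft\Windows\
# CurrentVersion\Run values and the per-user Startup folder.
CONSTRUCTED_ENTRIES = [
    ("run_key", "OneDrive",
     r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("run_key", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("run_key", "Updater",
     r'"C:\Windows\System32\wscript.exe" //B //E:jscript "C:\Users\victim\AppData\Roaming\update.js"'),
    ("startup_folder", "update.js",
     r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.js"),
]

# Interpreters a JavaScript RAT or a Java dropper would need at logon.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "powershell.exe", "cmd.exe", "java.exe", "javaw.exe"}
SCRIPT_EXT_RE = re.compile(
    r"\.(js|jse|vbs|vbe|wsf|hta|jar|ps1|bat|cmd)(?=[\s\"']|$)", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    source: str
    name: str
    command: str
    score: int
    reasons: tuple


def launched_image(command: str) -> str:
    """Base name of the executable a Run value launches (quoted or bare path)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        exe = command.split()[0] if command else ""
    return exe.rsplit("\\", 1)[-1].lower()


def score_autorun(source: str, name: str, command: str) -> Finding:
    """Assign a heuristic score; each reason explains one point of suspicion."""
    reasons, score = [], 0
    lowered = command.lower()
    image = launched_image(command)
    if image in SCRIPT_HOSTS:
        score += 2
        reasons.append(f"launches script host {image}")
    if SCRIPT_EXT_RE.search(command):
        score += 2
        reasons.append("references a script or archive payload")
    if any(marker in lowered for marker in USER_WRITABLE):
        score += 1
        reasons.append("lives under a user-writable directory")
    if source == "startup_folder" and not lowered.endswith(".lnk"):
        score += 1
        reasons.append("non-shortcut file dropped directly in Startup folder")
    return Finding(source, name, command, score, tuple(reasons))


def suspicious_autoruns(entries, threshold: int = 2) -> list:
    """Entries at or above the threshold; a single user-writable path alone
    (e.g. OneDrive under AppData\\Local) is not enough to flag."""
    return [f for f in (score_autorun(*e) for e in entries) if f.score >= threshold]


if __name__ == "__main__":
    for finding in suspicious_autoruns(CONSTRUCTED_ENTRIES):
        print(f"[{finding.score}] {finding.source}:{finding.name} -> {finding.command}")
        for reason in finding.reasons:
            print(f"      - {reason}")
```

The threshold keeps legitimate per-user installers that live under AppData from being flagged on location alone, while a script host invoked from a Run value, or a bare `.js` dropped into the Startup folder, scores high enough on its own; tune the weights to the autorun baseline of the environment you are investigating.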
