General

  • Target

    IMG-20220927 Product Inquiry.js

  • Size

    117KB

  • Sample

    220927-gpqzxadgdq

  • MD5

    8ea464078e8c6f6f427a78ad43a04f0a

  • SHA1

    3e8c16ad2f41052f1683975f59f2f2bfb7bd9fbb

  • SHA256

    a13c9ee4b0f7f63c6183f2451728eaccde6e8c3e96e263ce35b3942918900eef

  • SHA512

    e6c72dcc867e00bb505ed0897eb5b3fe748d52003675de0636ab892a59ed1b04ae7aa69c50f8f4a3eba60b3c754b1cdcf802ba4b00740c5c600cc44e3bcbeccc

  • SSDEEP

    1536:UsBPjuyikDA/xozSwshV2GvIUWY/GsX/josFcHwlsZA1/8NDiLrOg8+zza7cuOmr:uy1A/xIYTAybxIQ8iJB/4VFx

Score
10/10

Malware Config

Targets

    • Target

      IMG-20220927 Product Inquiry.js

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks