General

  • Target

    Purchase_Order______2022__pdf.js

  • Size

    119KB

  • Sample

    220927-l3c3esecen

  • MD5

    c32bdc896863dbf7f47b3bec805d8ab0

  • SHA1

    90b22e0001d48b56a9a2002a2f2ed631725d5268

  • SHA256

    9e33a55a62c0aee89c4c7ceb3668577ed013b59ea4c8b2f8083f79e46534754e

  • SHA512

    7c8468dca67f936646fd17efdb01acd168d487705881e824bb49836f203ce8cb0d1d6e7d29cc3372d188ee1fb521a6eb41a62f64b15dc8e71f768de5914cef8d

  • SSDEEP

    3072:DjGrEXudAU8A8vRyUJ6znKMXPaiJDlFWPfCRZ7:HGrJJ8lU/znDaiJDlQPfY

Score
10/10

Targets

    • Target

      Purchase_Order______2022__pdf.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file
