General

  • Target

    INV-65043869.js

  • Size

    44KB

  • Sample

    220927-l3crnadbf3

  • MD5

    9e02cdcc915f595d38bdf770be9cbc96

  • SHA1

    1c8b4a8ef2552a1adf1b39e9cda88a9b0fd6eb05

  • SHA256

    e0a8c6fb8964c350d637b9d1deec691884d31ddecb1b0a9d559b7360e43dc4a2

  • SHA512

    7ba654566bf76029211efaf654b9d026e54370b89b3dc0914153ca975f6c659b4ed5734758ebd5fa7be51eb005d22405d836cd08b511a8b654d42a226491dab8

  • SSDEEP

    768:6nyrDR0WEME3EUDwKWrCHCo3gsXWZfO0WGX3FTFaVupg91zWpL:6yrDuWEME3EIs6CiWZf+Q3bCupg/Q

Targets

    • Target

      INV-65043869.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
