General

  • Target: ffbde0f247e5b421587b145e6318fb71
  • Size: 23KB
  • Sample: 220927-yy7gpaedc6
  • MD5: ffbde0f247e5b421587b145e6318fb71
  • SHA1: 78aa027167bf7bbde544c52c37f9132929d9b36e
  • SHA256: 94224909ac01395150805266e1c822627db7b456c24e66a8900f737637bfdcb1
  • SHA512: cb7c5c6655164f891bf44f2051a8c2773ea84112a891d0cd42eb66358558054329866ab80070dec8f2ed7e2bf5d8371b523dd5e40ffda841deb956a21470a432
  • SSDEEP: 384:0gk8rzdM29+qROvRPRRWAJuOM2xFBu0m7OsTJ0GdymcePedvlfbma22Yh+9tWo:ZaML0vR58yuOMi6B3J00gaoBbJl0o

Malware Config

Targets

    • Target: Paymenta 09262022.js
    • Size: 42KB
    • MD5: 6719cf030d162f7c95d681b95b865822
    • SHA1: 9d7e31084ae987c0e6994b0b9ddd238af1084e8b
    • SHA256: 505b40fdf87ce02b9d45a54e273e9c8b28ca359a45af873a29736082e95cdc91
    • SHA512: 2ed028f63bea7833c0f162b357b83a550bc413289f4fe7d7d43b3c0907db71804251b7ea62be892fd2e5869370f44f9c6f3220d082aefb7680b2dcc6eb9151df
    • SSDEEP: 768:wNjCAHbvwFTWvRFEFMix1tdorH2OAH1XJLYlCH56v+1KnLmV80XD:6jdbaTWv7EFMkorWOAH1XJsCH56vwmLw

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks