General

  • Target

    ad520cde82e481399b6db207334548c2

  • Size

    35KB

  • Sample

    220927-yyweesfedn

  • MD5

    ad520cde82e481399b6db207334548c2

  • SHA1

    c0833dbefefd4f8de66d1506be03e13568e2c9b5

  • SHA256

    84835ff938a5f07b9bce0af90cc2a2614b35cb7dfd6691813e0a7b2c39eeb2f1

  • SHA512

    71f100ac98291216a8db4fc2f5c4499a673b0cc1914b769302b9e3b03a5ad2c29a7c6d29f9dd3ffc9aa0a3941e9a51a64aac9cc1cc20cc729c2cff7122aa74ea

  • SSDEEP

    768:kL+mz+v+tHnY+LpV3z++IN4vsaML0vR58yuOMi6B3J00gaoBbJl0T:89cN4v00Z58yurBZ0pBbD0

Malware Config

Targets

    • Target

      Paymenta 09262022.js

    • Size

      42KB

    • MD5

      6719cf030d162f7c95d681b95b865822

    • SHA1

      9d7e31084ae987c0e6994b0b9ddd238af1084e8b

    • SHA256

      505b40fdf87ce02b9d45a54e273e9c8b28ca359a45af873a29736082e95cdc91

    • SHA512

      2ed028f63bea7833c0f162b357b83a550bc413289f4fe7d7d43b3c0907db71804251b7ea62be892fd2e5869370f44f9c6f3220d082aefb7680b2dcc6eb9151df

    • SSDEEP

      768:wNjCAHbvwFTWvRFEFMix1tdorH2OAH1XJLYlCH56v+1KnLmV80XD:6jdbaTWv7EFMkorWOAH1XJsCH56vwmLw

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
