General

  • Target

    Original Documents.js

  • Size

    46KB

  • Sample

    220928-q74s6agaf8

  • MD5

    e936e61f389ca1d30fa19a167f2bfe64

  • SHA1

    cef085e26d52a347b402adf771e607f75b60aea5

  • SHA256

    835d687884b0393ee9bafb66d5af0279cd267eb91ec3d4c292a76adce8d97ec1

  • SHA512

    d4f3d14b64730ed0a376759dd710193fd8ac5ecd300beb037bdae9d7c5b0a3a54b940346fe6cf5928d980ca49614942ccae5fedd8f7654e3c7ab4eceb1043392

  • SSDEEP

    768:dxu2gS+Dz+aYY4KY/u6ZkqYLw6yZo6dZhZzjoX69c3omhtc5N1FewZvX71mG4E4f:dxu2gS+n+TY7Y/u6+Lwe6dZhZzjoX69k

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks