General

  • Target

    4a58878306dd46ec10925bd0e105f74a.js

  • Size

    21KB

  • Sample

    220928-t3nsxshffk

  • MD5

    9e71e1c6d6cbc7732b57255d4f521578

  • SHA1

    ca8ea7a4e6880a04285715774e1b7541ad395b84

  • SHA256

    561dc28fca681e9cc398f303731f92ed76778460bbf0a591712986ee3c905bd8

  • SHA512

    a3648bd7c5426c1e6091456c9ea440d76c6e8284292a42a4d9cdb2aba63a9d21ae9485bc57be7003727ac26a292bef497116659e40def4bdd35e0fe72d66591d

  • SSDEEP

    384:QejY9yjtKoLY43mnh6KWozYaK7sH3nTaKLY3vNTo5mmTWngpJ7SvOyLf2Uko:PjQoS1dEg3ZKNTo55TsOyLf2Zo

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://185.157.162.75:7974

Targets

    • Target

      4a58878306dd46ec10925bd0e105f74a.js

    • Size

      21KB

    • MD5

      9e71e1c6d6cbc7732b57255d4f521578

    • SHA1

      ca8ea7a4e6880a04285715774e1b7541ad395b84

    • SHA256

      561dc28fca681e9cc398f303731f92ed76778460bbf0a591712986ee3c905bd8

    • SHA512

      a3648bd7c5426c1e6091456c9ea440d76c6e8284292a42a4d9cdb2aba63a9d21ae9485bc57be7003727ac26a292bef497116659e40def4bdd35e0fe72d66591d

    • SSDEEP

      384:QejY9yjtKoLY43mnh6KWozYaK7sH3nTaKLY3vNTo5mmTWngpJ7SvOyLf2Uko:PjQoS1dEg3ZKNTo55TsOyLf2Zo

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks