General

  • Target

    Order Confirmation_OV220001820_29 0922.js

  • Size

    47KB

  • Sample

    220929-lycabsadc3

  • MD5

    c9df3ade3ffccea0bef35c68951e0c52

  • SHA1

    960b267acd00d53ad15f53ec722c5f9e50ac39e1

  • SHA256

    085914ae6981487ee2ad184426717a2707df75e15e6b8cf48e5c2ff0186edcbb

  • SHA512

    28d685d8cc108c4f9bc502e7e68260623df2b3868e865d6f917caad9df13205ce639c025cc1ed1a6d8e2a782625d92fedb42004df2b4a9528efa3d1ca3b73b45

  • SSDEEP

    768:Pt81/mb0uaTdKUT77PEbEi2PsxIugFcFuN9QX3hNYDlQBSSLt0G:PtI/o0uQdKUDEIi2PsxUq6CX3hNklPSv

Malware Config

Targets

    • Target

      Order Confirmation_OV220001820_29 0922.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks