General

  • Target

    New PO 2235788.js

  • Size

    24KB

  • Sample

    220929-te2pwabch8

  • MD5

    cc4a0c95160fb7bb0b26669219ec3cbe

  • SHA1

    a8f14e9b82a42ad7d7d91d1b0f568a1c02dd7296

  • SHA256

    55816e1bfc1ecacaf3b11ba133675b6ffbef0d4b41f9c27e18aa0aca8021ea05

  • SHA512

    51666ca537d8c08f852fd253b294bb9afb6931ef939aead299bdcc3a6f534768ce4a090731a7314c1c42e07011e0beda35994551816328c49fb40b2af91e2487

  • SSDEEP

    384:834sBkYlTBU2EOD5iQZtlog7zxadFK5w5Ss3d5LDsnRvFxbn+t9ALB/hJkkMHbGC:DWVU29D5XVog7zxaTYiS83wBgBSSLtyG

Score
10/10

Targets

    • Target

      New PO 2235788.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file
