General

  • Target

    Scan_202211001.js

  • Size

    36KB

  • Sample

    221004-nevcxaafh4

  • MD5

    3578e590329d8e33c2384104e490078a

  • SHA1

    0a1a2b6616f5ab34b2ab36dabd47adfeec5a5f7e

  • SHA256

    9dcbe92abc199dbe429c811a301fbff4cb5f1d1ab5b08760f82db4ece56cf111

  • SHA512

    5c97e395fff161ab0a082ef422cbcbb28aa0ba8c694a37a1790c425658457320be32f1cd3f31ebf63b0fe3f64ea6c0773a3480b339a2b8ba649c960483f68013

  • SSDEEP

    768:W9625Tewe2rkwfj7LSmOnnmv1d1PlyVm3SHxot0JBfEPt0xiqcPwwzomID:W962dIDcR9IHxotUBfMuxPcPwwzomID

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks