General

  • Target

    Attachments.js

  • Size

    48KB

  • Sample

    221004-pff3cabbgl

  • MD5

    f381a94fa945987a492dbf4f823bb315

  • SHA1

    251332ed281a531b2f657f5e6bb3e8d4ae510cab

  • SHA256

    9a2703cf28c3ae775f99184f50f9376128f772b17fecc31afdf0c5ff9c7ee193

  • SHA512

    98049a4e58fa7cdc867d8ed893a94a518d362150f359fd50e124e45f16ca11129465684ba28ba770029580b0bed12ed5eb555ddc8ae1d32c8066d038bf6cc0a1

  • SSDEEP

    1536:f5QoUqvsZ5gk4m+VaENUzaa1TieElbjLvOQ9:BvnkgwOa1T+N

Malware Config

Targets

    • Target

      Attachments.js

    • Size

      48KB

    • MD5

      f381a94fa945987a492dbf4f823bb315

    • SHA1

      251332ed281a531b2f657f5e6bb3e8d4ae510cab

    • SHA256

      9a2703cf28c3ae775f99184f50f9376128f772b17fecc31afdf0c5ff9c7ee193

    • SHA512

      98049a4e58fa7cdc867d8ed893a94a518d362150f359fd50e124e45f16ca11129465684ba28ba770029580b0bed12ed5eb555ddc8ae1d32c8066d038bf6cc0a1

    • SSDEEP

      1536:f5QoUqvsZ5gk4m+VaENUzaa1TieElbjLvOQ9:BvnkgwOa1T+N

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks