General

  • Target: Notificacion Judicial Bancaria N°45758334792240022.pdf.rar

  • Size: 13KB

  • Sample: 221005-2effmsfgh5

  • MD5: ba59efb993a2442a6a9250c6125d25d3

  • SHA1: 998aebacd5efdea5614e661f2ba40a1db8e9a300

  • SHA256: fccdc0d82b48d76175336f24cc7f022254ab2143f79417b8a474ea273efc1288

  • SHA512: 752f4c8435439fe9f214483ed3a52dffe9f32e627708caff8c417d63e2a923702867db1c5a255472ad121d7433b6488d364b3a244ae280779fd1414f8029d3f0

  • SSDEEP: 192:8SUR342Vr+XedgFq1t6T9Aa5dJRPYaLcGFeIyBcCeYmzz2KHiw1uOQshf9yiF9n5:8SOIO+XyEdYaIXCCepzh1uOQsfyMnAE

Targets

    • Target: Notificacion Judicial Bancaria N°45758334792240022.pdf.js

    • Size: 27KB

    • MD5: a673916fb963f4d04b4dd361f22a98e5

    • SHA1: 11eaa15cf06da6523a0101a206b873ed0f69b32c

    • SHA256: e26c583c27b5eb94b71e39393f605b5c4bd98a218cee764f344754181b5be48e

    • SHA512: c76c62980cee2bb2c5e8112b3d0a068b2ec5986c61e428e48280f941f78083327bea1fac2f325624cf6d00857b227dbefae401f5331a47ad256412fc29285ae4

    • SSDEEP: 768:5F80zqPlBXJKwNhZlMhTF8K2eOKejp2LBoEkpkFb3:f5KbhShTSb/p2LBrZFb3

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application
