General

  • Target: Payment.js
  • Size: 55KB
  • Sample: 221006-l1m5lshaa7
  • MD5: 6d49539cab32e5d6e2f35b3b1f736319
  • SHA1: 53d7377abbf7420b719f63f76c66834e7636c045
  • SHA256: 324e965afa5e34b1ed83e39b51801f390ee8e250ae58ec929b2481ef7023c0d7
  • SHA512: 9fa6fa9676afaaed81a682c4aac948abb9abb03499a4db065f2fc3b2fc7f2117a6579cf2c0e7b56e89c8c1dd0c2250c9dbbcf012e680682722e7b8a780e76501
  • SSDEEP: 1536:W962dIp1LTaGXUpxcVC7cd/2MPCwsZ14a9zcH+IzeP8:W962CXTiI5QrZ143H

Targets

    • Target: Payment.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
