General

  • Target: Payment.js
  • Size: 56KB
  • Sample: 221006-l1m5lshccl
  • MD5: d054e7e02b3059eaff172b4608402da2
  • SHA1: b0c747c8f00c4a49b0f7d09aadc76827f23ab6c6
  • SHA256: 533bd845b6c12af1b51f96d48f4faa0722863001acdf7e5bf18ef3e2b6b85fe3
  • SHA512: 6997eff65de323bd618fd2aac3ce1afbe3fb287f1e3039f69f9caad577d3c45e506f0c7699f6645d989a9c8fda68e2a9e27b7850b3139b75faf64dd323b61e15
  • SSDEEP: 1536:W962dIvf3CIdsvfLB7o7g5sS56z65/POQpCiC:W962CH3CvvK0HO

Malware Config

Targets

    • Target: Payment.js
    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Adds Run key to start application
