General

  • Target: 716740c2cffce87b85f16e2fdcba5885
  • Size: 116KB
  • Sample: 221006-y78q4saec6
  • MD5: 716740c2cffce87b85f16e2fdcba5885
  • SHA1: dd2f2d3595d268bcb8ba7dd4ce99a584762ffc55
  • SHA256: 30be1dff7ff1ffad8346be27c5a8c2ef900e54b85dc70c4cc1fc1009755746f6
  • SHA512: 87eb1acd9237379dc18819eec86ab4f4af781ea39bca32197a719439a7b121f10b412eb11bd794b5f222e5e772bda413cfb8ed78bafeac6698c7569fb5da73bf
  • SSDEEP: 768:MPXQYX0o1iw7uNXuUZmRPMYvh5jhFgidgOJrpX9XOWPySdypolvZ:MfQYXD1iwKN+UGvhth6otkWPTgp2h

Malware Config

Targets

    • Target: attachment-2
    • Size: 76KB
    • MD5: b568921a927e1b1501a4192ff1380623
    • SHA1: 06ed2348fc70539ca0aa919a4332df1547c1e60c
    • SHA256: 2dcdcb662b8794478bdc0475ac683551be6c510d8796de645ba1a9f2efaf2160
    • SHA512: 1203248d55baf953868e5670ed803595a051c128ad74fef58b1be4e1149381793cb94e3141c7e936369d039250910a13546621f48ec95685fb49114386b5b65c
    • SSDEEP: 384:8EEVAFXOaE6YD+f0UELie88fbKbPySqewMtYevFSr:8EEKFXOvYMWXZbPVqRuSr
    • Score: 3/10
    • Target: IMG-02200001.js
    • Size: 14KB
    • MD5: abe454ff73cc47686a8dc9a80d42b764
    • SHA1: a2b1ec806ab1d131aaa736bd6f8825f9bd8e303c
    • SHA256: 7fb2e5a6bc97c04d0fab46503ebd49d6b809e04506c06734c9c1e8584059b6a9
    • SHA512: 3fda2a1c37880ccfde59c7dc6e94938e51ac3e83b7c79c3a166173318178714ed195b54bc8f66d5a56cda89d23ccc9a958a9dcc0f7f1ef49c00ec3fed1c11330
    • SSDEEP: 384:8EVAFXOaE6YD+f0UELie88fbKbPySqewMtYevFSr7:8EKFXOvYMWXZbPVqRuSr7

    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6
