Resubmissions

06/10/2022, 20:46

221006-zkcktsahfq 10

06/10/2022, 20:30

221006-y961asaghq 10

General

  • Target: ba4df42e0d1da69941a8bd5041978290
  • Size: 116KB
  • Sample: 221006-y961asaghq
  • MD5: ba4df42e0d1da69941a8bd5041978290
  • SHA1: 6dd217c951ec3873aab231d9a31fad5fd0348136
  • SHA256: 02ba57277da83afa2a9846d00984d19544ac6c9615e2b6a2a9bea823a11e3527
  • SHA512: df6fbffb59f6c63dece3dc2e62c43bb303a2807038a29e73f60fc04a0d76f3d4b5899c4f9bc5cb5447a02136a967647d12440e63d885b8001b5f2a0403d417d3
  • SSDEEP: 768:1XQaa+2MMStZWLeuNXuUKmRPMYvh5jhFgidgOJrpX9XOWPySdypolvx:hQaaMaJN+U1vhth6otkWPTgp25

Malware Config

Targets

    • Target: attachment-2
    • Size: 76KB
    • MD5: b568921a927e1b1501a4192ff1380623
    • SHA1: 06ed2348fc70539ca0aa919a4332df1547c1e60c
    • SHA256: 2dcdcb662b8794478bdc0475ac683551be6c510d8796de645ba1a9f2efaf2160
    • SHA512: 1203248d55baf953868e5670ed803595a051c128ad74fef58b1be4e1149381793cb94e3141c7e936369d039250910a13546621f48ec95685fb49114386b5b65c
    • SSDEEP: 384:8EEVAFXOaE6YD+f0UELie88fbKbPySqewMtYevFSr:8EEKFXOvYMWXZbPVqRuSr

    Score: 3/10

    • Target: IMG-02200001.js
    • Size: 14KB
    • MD5: abe454ff73cc47686a8dc9a80d42b764
    • SHA1: a2b1ec806ab1d131aaa736bd6f8825f9bd8e303c
    • SHA256: 7fb2e5a6bc97c04d0fab46503ebd49d6b809e04506c06734c9c1e8584059b6a9
    • SHA512: 3fda2a1c37880ccfde59c7dc6e94938e51ac3e83b7c79c3a166173318178714ed195b54bc8f66d5a56cda89d23ccc9a958a9dcc0f7f1ef49c00ec3fed1c11330
    • SSDEEP: 384:8EVAFXOaE6YD+f0UELie88fbKbPySqewMtYevFSr7:8EKFXOvYMWXZbPVqRuSr7

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks