General

  • Target

    prices list#00393.js

  • Size

    55KB

  • Sample

    221007-jzfb9sbhf4

  • MD5

    2d7443c9422e2b0ff653151614e1c4aa

  • SHA1

    bb9706ea2e37d28cebf6f8cf69c5dd0dce82cfa6

  • SHA256

    d3a8e42438871932b936068a8390a1dc7165af37a4cf4c7a7f91aed493daeafa

  • SHA512

    6976c03c8f0b581665aa921e5191ffce76a4252abb008d7d19273d51834156ba418f2820c11a570c3607f8d5d29d3ef3aca611b2b746c94bf2c8a5f885045ee0

  • SSDEEP

    1536:W962dIp1LTaGXUpxcVC7cd/mMPCwsZ14a9zcH+IzeP8:W962CXTiI5wrZ143H

Targets

    • Target

      prices list#00393.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
