General

  • Target

    FACTURA_SIGO_EVERTHGAMBOACARRILLO_N°568665625400022.pdf.rar

  • Size

    14KB

  • Sample

    221007-tqthmschb9

  • MD5

    0f8e72e7fb1d3489cbf07476fc83ed85

  • SHA1

    277e2c9f6e375d4ed05a540e35d67879316387e7

  • SHA256

    78ce252e70915f779f723963a941720a7e79b2222284538a4f6f99c0f7d39649

  • SHA512

    5e815638745a9042b0aaf01b3189edd53d1b31b3ea777f9dc00475183eda8766568fb47c6251abe0e3a1d54be832a4fbb959dadc4efbf25fe73e19389a6b97ac

  • SSDEEP

    192:IWR+IT90fKCr77pbX1bbSKUu9XPGdZKTsoPGdO9rxtSOEJuHFaXf4l+tOk1IvRAr:IA+2afLYV9aTHH3IIFCff+E1eB9YmHG

Malware Config

Targets

    • Target

      FACTURA_SIGO_EVERTHGAMBOACARRILLO_N°568665625400022.pdf.js

    • Size

      29KB

    • MD5

      96f834f41f5ff93fcea742d15be92139

    • SHA1

      53edda700bf5c1911d1b8be17904d748713b2e5e

    • SHA256

      cca235186ef2603aea1f9cb09f5f6a302b1391ba8e36ffffead352c8a2164db5

    • SHA512

      1efc91ecb8de613928ca309a012bfcca42365298855f104de71c625f742383522e1b14b90e8d00da83ec7759e3ff34b1931e12281e027a3c7839dd31425c7dd0

    • SSDEEP

      768:d+5P/OTIE6uwBpa4lUKOITIW4/qj7/WsPk0JR:OwqBM/k/WsXR

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks