General

  • Target

    P.O# 01048.pptx.js

  • Size

    113KB

  • Sample

    221013-1cgegsehar

  • MD5

    773de46dffbc238da98141607513793e

  • SHA1

    667ce9050a6391c54c288dd437d3aeb36d953afb

  • SHA256

    b8195f7f098563005962b0b9d09553d1933af2982c47b555e2c6a46ed45d0ad0

  • SHA512

    7db9aac1fd96b17e624c6c54e2205cce615b4f5f18f667f71144285c4ffdf9f53ad838ba68d815bc881f6497e69b3f9d4fa2f2bf8cc551d57cf4556df2ca4ae0

  • SSDEEP

    3072:IroCuBoIBoxdwmKSrDl0hnfnN8p0tBWvJkOYQjSnn:TChxd5KcDlCc0tIxbG

Score
10/10

Targets

    • Target

      P.O# 01048.pptx.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file
