General

  • Target

    P.O_ 01048.pptx.js.zip

  • Size

    73KB

  • Sample

    221013-1pqhxsfeej

  • MD5

    47fad14271e9416dfdc5e8f6281affca

  • SHA1

    fb1940c2c0d1d6fa4f05d9142bd42bd8a5d7b51b

  • SHA256

    ca594f1e5cae818ffdea2f8393aad6403b72ef65cdb61cfba3328e8acd101b55

  • SHA512

    bc149907fda9e0f662a1dde6cb71b9fa1e9f3f23635cb0b9b27416c4a160f87b7a41c5e16de2a18b5e60ed7512677dc24cf5112fe4010ae26fbc1c8c56f33f23

  • SSDEEP

    1536:Px3KLT3CgZCdFyDHZ/QMz3ALj1Hb7KmDbiFlL0lCdxGsp:538StdF4HZ3QRPVDbiFJdxGsp

Score
10/10

Targets

    • Target

      P.O_ 01048.pptx.js

    • Size

      113KB

    • MD5

      773de46dffbc238da98141607513793e

    • SHA1

      667ce9050a6391c54c288dd437d3aeb36d953afb

    • SHA256

      b8195f7f098563005962b0b9d09553d1933af2982c47b555e2c6a46ed45d0ad0

    • SHA512

      7db9aac1fd96b17e624c6c54e2205cce615b4f5f18f667f71144285c4ffdf9f53ad838ba68d815bc881f6497e69b3f9d4fa2f2bf8cc551d57cf4556df2ca4ae0

    • SSDEEP

      3072:IroCuBoIBoxdwmKSrDl0hnfnN8p0tBWvJkOYQjSnn:TChxd5KcDlCc0tIxbG

    Score
    10/10
    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file
