General

  • Target

    P.O 01048.pptx.js

  • Size

    113KB

  • Sample

    221014-gqwxjsahej

  • MD5

    23534d1b4a9ccc1779e33d68f1fdca2c

  • SHA1

    25b15d510fe0f138be1b518daf0818808650be70

  • SHA256

    195c5836446c7a50b2b6486b74331ba3cfd6ed143cafba073ab47f049a56651e

  • SHA512

    f5b0cfe34cace42a7771e32ad8804ba5a0903ca63a30e01022afc8d641da62de217059ea00f277bab7d9c09a5e4bd9b15a793a4e9b85f714fc4c7f596a8cc559

  • SSDEEP

    3072:KA8Bisb+2/XYc0ZxO7e8/TBuEohoENU3GicdYhz0xM:mS2/oXZW1uEqbKRz0xM

Score
10/10

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Drops file in System32 directory
