General

  • Target

    AWB_BL DOCS0011.PDF.js

  • Size

    188KB

  • Sample

    221014-grf8gsahgj

  • MD5

    80262502d5b596f01cb81f2918a0d600

  • SHA1

    4fc32e1694f3bdaa99f0693ba14279700a0e3094

  • SHA256

    e9aa13f84234700724c7b84c99b650fef4bc295f52d5f97a8fe9ea075dbec776

  • SHA512

    6a020f511cffa44aedd2b47b361f601cf0e2c09dab1613d14e0d81a0d3aa61184153be80bb51c5a3ff31be221d86f5adc59b03b845215f8f118318796349e5a9

  • SSDEEP

    3072:mpvGpUPOvr+fEIrHpqez8Od6MDP82a3gGH3ErAPSKiqiInjSn5GteTK3eLSM:moOP01IrHBPT8pH3EOBGwULx

Score
10/10

Targets

    • Target

      AWB_BL DOCS0011.PDF.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file
