General

  • Target: FedEx Shipment 770146310867.js

  • Size: 14KB

  • Sample: 221014-grf8gsbaa4

  • MD5: 1ec3744dcdfee122457ede012e1d4bff

  • SHA1: 50cfc0f080f253c964947b9a5c58c5f6772b036f

  • SHA256: 8c356490c164fdf1423f0266278b503b695ae685372a423a2f398c9cc97e7b33

  • SHA512: 5235dcf718c6b7168b16c30882bd232a20c536593b9834d08b6b4b271832ac035ddd1c6e463bf4747041ef6292204014c82aa5e1a5374120b12d05d65710ea37

  • SSDEEP: 192:jwwNf3wtPbdlZgsVr2ak02TYeF+YGf97WrE9tLEZoRQGtzL0pffYknqruNl2NuCP:jlNf3wtPHZpVQ0aJUTptzYrnqrV/n

Malware Config

Targets

    • Vjw0rm: Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
