General

  • Target

    DRAFT SHIPPING BILL.js

  • Size

    37KB

  • Sample

    221017-fgtkdsafg8

  • MD5

    fbaaf55d869f1433c9ed330254792116

  • SHA1

    e0aabf0605fc8a50396ce6bd48b5b5825e39dd5e

  • SHA256

    0734f4b02c2256fe07ee16d16e1cf39c72293f340f315adf2f55db23f286d4f4

  • SHA512

    ac05b5618a9e1acb95ce77e78eb49e69a302e4ca107e457fe273d8d7ff60ad5b5c25dc399798377aec14a86db71b0056ae81af0b1f177406f00a98b00b6ae6c1

  • SSDEEP

    768:jdn+5Jpwk4FHFFFLwR+pluc1IHu2YuPftbbpHOu/:jdypn4FlFFLwRMluc192YuPfVtHOu/

Targets

    • Target

      DRAFT SHIPPING BILL.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript. The target here is a .js file named to look like a shipping document, the usual lure shape for this family.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs based on the victim's configured location.

    • Drops startup file

      Writes a file into the user's Startup folder so it is executed at every logon.

    • Adds Run key to start application

      Writes a value under the CurrentVersion\Run registry key so the application is launched at logon, a second persistence path alongside the Startup folder drop.
