General

  • Target

    Purchase Order.js

  • Size

    37KB

  • Sample

    221017-hf3g1sbadq

  • MD5

    d76c2fb83b7325ff11ce0598680050a3

  • SHA1

    304cc069d9867ab3ac6ca1a47e24e6f99de687b7

  • SHA256

    3b57e458a0b086f6d372c9784422f0fb15633519c8adbe32213d0eba88259dcd

  • SHA512

    7ae8821e7febfc93372a221c0072e34c384c553715180f051ddffe9fbaa0495a9e42b6a62e65f8bf3ce96761dc1b7ec8beb5c23de067d819f5eff6b044183b33

  • SSDEEP

    768:DjW8owpcwEBQSFKfAxIoS4vlcPcfV51A2wjgk4Ogi:DjhczBQwKfAeo5tfebEk4Op

Malware Config

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
