General

  • Target

    purchase Order.js

  • Size

    44KB

  • Sample

    221017-v7qczscea5

  • MD5

    b5a5b8d90ab2de858d0b0cd14e73d69f

  • SHA1

    0b3fee51a8ae2d103cdc67be4b719709dca72e31

  • SHA256

    32b2b95d4cc1d3c0848d332cd196dd4acb7443d8f2994cbd74734adb0a11a017

  • SHA512

    cac6f719da453178b3e0363e9aefd8d4437aa2370699e13e9bed22cce223da05bf7385581efe8410418b62de7f43bea23bcaa924f65b30f16fee878084ddc8a0

  • SSDEEP

    768:6VWalf1nISY7x7cuLv8bTixZ4mOeNUWYJ835ml/1wr0qhQhnBn5:/alfEhJ8bTM4deNQq3G/Kr0qhwb

Malware Config

Targets

    • Target

      purchase Order.js

    • Size

      44KB

    • MD5

      b5a5b8d90ab2de858d0b0cd14e73d69f

    • SHA1

      0b3fee51a8ae2d103cdc67be4b719709dca72e31

    • SHA256

      32b2b95d4cc1d3c0848d332cd196dd4acb7443d8f2994cbd74734adb0a11a017

    • SHA512

      cac6f719da453178b3e0363e9aefd8d4437aa2370699e13e9bed22cce223da05bf7385581efe8410418b62de7f43bea23bcaa924f65b30f16fee878084ddc8a0

    • SSDEEP

      768:6VWalf1nISY7x7cuLv8bTixZ4mOeNUWYJ835ml/1wr0qhQhnBn5:/alfEhJ8bTM4deNQq3G/Kr0qhwb

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Drops startup file

    • Adds Run key to start application
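The three observable behaviours above (a script host making a network request, a file dropped into a Startup folder, and a Run key pointing at the dropped script) map directly onto Sysmon event types, so they can be turned into host-side detections. The following is an added example, not part of the sandbox report, that runs those three rules over constructed Sysmon-style events. It assumes the blocklisted process is a Windows script host such as wscript.exe or cscript.exe (the report does not name it), and the event records, paths, SID and IP address are all made up for the example. The registry country-code lookup is deliberately not covered: Sysmon logs registry value writes, deletions and renames, not reads, so that behaviour is only visible in a sandbox or API-monitor trace.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: the process that executes a .js lure is one of the Windows
# script hosts below; the report does not name the blocklisted process.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh|hta)\b", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Constructed Sysmon-style events for the example; not from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\victim\Downloads\purchase Order.js"'},
    {"EventID": 13, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\purchase Order",
     "Details": r'"C:\Users\victim\AppData\Roaming\purchase Order.js"'},
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\purchase Order.js"},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 8080},
    # Benign Run value written by explorer.exe: must NOT be flagged.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]


def _basename(image):
    # ntpath handles backslash paths regardless of the analyst's host OS.
    return ntpath.basename(image or "").lower()


def run_key_persistence(ev):
    """Sysmon EID 13 (SetValue) on a Run/RunOnce key, where the value points at a
    script file or the writer is a script host. Plain Run-key writes are too noisy
    on their own, which is why the second condition exists."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return False
    return _basename(ev.get("Image")) in SCRIPT_HOSTS or bool(SCRIPT_EXT.search(ev.get("Details", "")))


def startup_folder_drop(ev):
    """Sysmon EID 11 (FileCreate) into a per-user or all-users Startup folder."""
    return ev.get("EventID") == 11 and bool(STARTUP_DIR.search(ev.get("TargetFilename", "")))


def script_host_network(ev):
    """Sysmon EID 3 (NetworkConnect) initiated by a script host."""
    return ev.get("EventID") == 3 and _basename(ev.get("Image")) in SCRIPT_HOSTS


RULES = {
    "adds_run_key": run_key_persistence,
    "drops_startup_file": startup_folder_drop,
    "script_host_network_request": script_host_network,
}


def run_rules(events):
    """Map rule name -> list of matching events (rules with no hits are omitted)."""
    hits = defaultdict(list)
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for name, matched in run_rules(SAMPLE_EVENTS).items():
        print(f"{name}: {len(matched)} event(s)")
```

Any one of these rules firing alone is weak evidence; a script host that both writes a Run value and opens a network connection within the same session is the pattern worth paging on.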

MITRE ATT&CK Enterprise v6

Tasks