General

  • Target

    Proof Of Payment.js

  • Size

    889KB

  • Sample

    221107-nrzhdsgcgp

  • MD5

    a126b82324395f382c41e487b625e0a2

  • SHA1

    f8dd10b261c136a3737b55e4b58fac820b4f999e

  • SHA256

    4ed978dd7a57e5df732c4a20a738adb245aa389abfad3ed9aa784f57325e990e

  • SHA512

    5d501f5fb1d8539e3da10a608e676189be21bef626ca40192c908fa3e952300ea952c7be19704575b51868e0138b7951ea2d267412d1aed9dbaf6e1aeccc1698

  • SSDEEP

    12288:xwvA6gJiE4/yq+fC3oFI3DvWsVhHq/06enhqq0BLS9m/XLq8Sxd:lLGyqsCzpKsTx6Lx0xd

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks