General

  • Target

    ECEX2240 (304 sheets 42.047mt) Order 200221121.js

  • Size

    917KB

  • Sample

    221121-txmzfahc69

  • MD5

    b1ecd09e05f7d0532d02cd3e2659b9ef

  • SHA1

    2d2e60ca58fe39fbc28b4e5233c2f33a626481ab

  • SHA256

    4b089d0261d31dd7bc5718d79b62fda550e32350435b99fd2553728925c5a452

  • SHA512

    25be5ec9629a1a7c0d9591d05a42df8bf960ee9e42af3e06bc152e4b0bb66a07fb6a72b815f5b7187b80d94fd4ac8c6a84c83e7cde56265ac0ac285dceb5f4ce

  • SSDEEP

    24576:J238md17ijq7FJY9jXikASWVk1LCzXDZN5Us:J238y7iDa3KLXs

Targets

    • Target

      ECEX2240 (304 sheets 42.047mt) Order 200221121.js

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Drops file in System32 directory
