General

  • Target

    PO N°CF004303.js

  • Size

    45KB

  • Sample

    221123-q1t1dafd37

  • MD5

    fb075b3dbae613fee795bef80bf3eebc

  • SHA1

    f9156e2680111c34a5a56cc3fb36d86742db6ff8

  • SHA256

    9060f5e5675f06ff2744114c852ada2f5b146144cec99457f7435c529426fa81

  • SHA512

    2e0a57c232afd7516fe98a2a27eae9d8dd97097a9f580a742faa6979a9ab492ef3c1d55de7fb429854482447f7ada6c61a9de171747a4152196aaf711ecabe9c

  • SSDEEP

    768:NZLXAlESuz9e/oRmQSL0UvOcVzNf37JxEJNvsgiyYO1x:4iS9/wmQSLQWfX+UAYOH

Malware Config

Targets

    • Target

      PO N°CF004303.js

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload only runs (or refuses to run) in particular regions.

    • Drops startup file

    • Adds Run key to start application
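
The three host-side signatures above (script-host persistence through a Run key, a file dropped into the Startup folder, and the file hashes) are what an analyst would hunt for on other machines. The following Python is an added example, not part of the sandbox report or of the Vjw0rm sample: it parses a `reg export` dump of the Run keys, flags values that launch a script through wscript/cscript/mshta or by script extension, lists script files in a Startup folder listing, and compares a file's digests with the hashes reported above. The registry text, file names and user path (`alice`) are constructed test data; the hash values are the ones from this report.

```python
"""Hunt for the persistence and file-hash IOCs described in the report above.
Added example; not part of the sandbox report or the Vjw0rm sample.
All registry text and file names below are constructed test data."""
import hashlib
import re

# Hashes copied from the report above (IOCs for PO N°CF004303.js).
IOC_HASHES = {
    "md5": "fb075b3dbae613fee795bef80bf3eebc",
    "sha1": "f9156e2680111c34a5a56cc3fb36d86742db6ff8",
    "sha256": "9060f5e5675f06ff2744114c852ada2f5b146144cec99457f7435c529426fa81",
}

# Extensions the Windows Script Host / mshta run from a Run key or Startup folder,
# matched only when the extension ends a token (so "settings.json" does not match).
SCRIPT_EXT_RE = re.compile(r"\.(?:js|jse|vbs|vbe|wsf|wsh|hta)(?=[\s\"']|$)")
SCRIPT_HOSTS = ("wscript", "cscript", "mshta")

# Run keys where the "Adds Run key" signature lands (HKCU needs no admin rights).
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory file image."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path):
    """Same digests for an on-disk file, read in 64 KiB chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_ioc(digests, iocs=IOC_HASHES):
    """True when any computed digest equals the corresponding reported hash."""
    return any(digests.get(algo) == value for algo, value in iocs.items())


_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def parse_reg_export(text):
    """Parse the [key] / "name"="data" lines of a `reg export` dump into
    {key_path_lowercased: {value_name: data}}. Only REG_SZ values are kept,
    which is the type Run-key launch commands use. reg export escapes
    backslashes and quotes inside REG_SZ data; one regex pass undoes that."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = {}
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m:
                keys[current][m.group("name")] = re.sub(r"\\(.)", r"\1", m.group("data"))
    return keys


def is_script_launch(command):
    """Flag a launch command that goes through a script host or invokes a
    script file directly (file association)."""
    cmd = command.lower()
    return bool(SCRIPT_EXT_RE.search(cmd)) or any(host in cmd for host in SCRIPT_HOSTS)


def find_run_key_persistence(reg_text):
    """Return (key, value_name, command) for every script launch in a Run key."""
    keys = parse_reg_export(reg_text)
    hits = []
    for run_key in RUN_KEYS:
        for name, cmd in keys.get(run_key.lower(), {}).items():
            if is_script_launch(cmd):
                hits.append((run_key, name, cmd))
    return hits


def find_startup_scripts(filenames):
    """Return the script files in a Startup-folder directory listing."""
    return [f for f in filenames if SCRIPT_EXT_RE.search(f.lower())]


# Constructed `reg export` output: one benign entry and one script-host launch.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"PO N°CF004303"="wscript.exe \"C:\\Users\\alice\\AppData\\Roaming\\PO N°CF004303.js\""
'''

# Constructed listing of %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
SAMPLE_STARTUP_LISTING = ["desktop.ini", "PO N°CF004303.js"]

if __name__ == "__main__":
    for key, name, cmd in find_run_key_persistence(SAMPLE_REG_EXPORT):
        print(f"Run-key script launch: {key}\\{name} = {cmd}")
    print("Startup scripts:", find_startup_scripts(SAMPLE_STARTUP_LISTING))
    print("Constructed bytes match report IOC:", matches_ioc(hash_bytes(b"not the sample")))
```

On a live host, feed `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` output to `find_run_key_persistence`, a directory listing of the Startup folder to `find_startup_scripts`, and any flagged script path to `hash_file` before `matches_ioc`. Matching the SHA256 alone is enough to confirm this exact sample; the Run-key and Startup checks also catch recompiled or re-obfuscated variants that the hashes miss.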

MITRE ATT&CK Enterprise v6

Tasks