General

  • Target

    INV.-OUTSTANDING-PAYMENT.js

  • Size

    1.0MB

  • Sample

    221212-mfpndadg81

  • MD5

    35d64051bf6acabd18e873e66bdfb490

  • SHA1

    78869aa750d9432e1ebb42b9b547050b547ae830

  • SHA256

    f270c7cc173c3a2a62b8e608ec403d7fb7d999befd63a090e1d70cd645dcab09

  • SHA512

    107b5a20c2a14170d47b9f2b35538d1ac6a792deb1a1d6372f46739d99df43fa3cfbc57fd5283bbdf4ba8aa44d89e6e26e918f5fe018701291c06128629a77bc

  • SSDEEP

    12288:FIGmIto4qvCwQqrkN0a13GrVVoMn8dp+lxYNI9D6gMGuU+0S87i7xIYFBzUQTMCK:3MXoNQPkzGsy6uuU+kMDmvJ

Targets

    • Target

      INV.-OUTSTANDING-PAYMENT.js

    • Size

      1.0MB

    • AdWind

      A Java-based RAT family (also tracked as jRAT/AlienSpy) operated as malware-as-a-service.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript, consistent with a .js target that is executed by the Windows Script Host (wscript.exe).

    • Blocklisted process makes network request

      A process on the sandbox's blocklist (script hosts and similar living-off-the-land binaries) made an outbound network request.

    • Checks computer location settings

      Looks up the country code configured in the registry (commonly HKCU\Control Panel\International\Geo\Nation), likely a geofence so the payload only runs, or refuses to run, in particular countries.

    • Drops startup file

      Writes a file into a Startup folder so it is launched again at each logon (persistence).

    • Drops file in System32 directory

      Writes a file under the Windows System32 directory, a common place to hide a payload among legitimate system files.
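
The four behavioural signatures above can be reproduced as detection logic over an API trace. The following is an added example, not code from the sandbox or from the report: it assumes a simplified, hypothetical trace format (one dict per monitored API call with `image`, `api` and `args`), that the location check reads the Geo\Nation value under Control Panel\International, and that script hosts such as wscript.exe are the blocklisted images. The trace events are constructed for the example and do not come from this sample.

```python
"""Added example: rebuild the report's behavioural signatures over a
constructed API trace. The trace format, the image blocklist and the
registry path are assumptions made for this example."""
from __future__ import annotations

import re
from collections import defaultdict

# Images whose outbound connections count as "blocklisted process" (assumed).
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

FILE_WRITE_APIS = {"CreateFileW", "WriteFile", "CopyFileW", "MoveFileExW"}
NETWORK_APIS = {"connect", "WSAConnect", "InternetOpenUrlW", "WinHttpSendRequest"}
REGISTRY_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW"}

# Per-user and all-users Startup folders both end in ...\Start Menu\Programs\Startup\.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Start-?up\\", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
# Country code lives in HKCU\Control Panel\International\Geo\Nation (assumed key).
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo(\\Nation)?$", re.I)


def image_name(path: str) -> str:
    """Return the lower-cased file name of a process image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_signatures(ev: dict) -> list[str]:
    """Return the report-style signature names a single trace event triggers."""
    hits: list[str] = []
    api = ev.get("api", "")
    args = ev.get("args", {})
    image = image_name(ev.get("image", ""))
    path = args.get("path", "")
    if api in FILE_WRITE_APIS:
        if STARTUP_RE.search(path):
            hits.append("Drops startup file")
        if SYSTEM32_RE.match(path):
            hits.append("Drops file in System32 directory")
    if api in REGISTRY_READ_APIS and GEO_RE.search(args.get("key", "")):
        hits.append("Checks computer location settings")
    if api in NETWORK_APIS and image in BLOCKLISTED_IMAGES:
        hits.append("Blocklisted process makes network request")
    return hits


def triage(events: list[dict]) -> dict[str, list[int]]:
    """Map each signature name to the indices of the trace events that fired it."""
    report: dict[str, list[int]] = defaultdict(list)
    for i, ev in enumerate(events):
        for sig in match_signatures(ev):
            report[sig].append(i)
    return dict(report)


WSCRIPT = "C:\\Windows\\System32\\wscript.exe"
# Constructed trace for the example; not taken from the sandbox run.
SAMPLE_TRACE = [
    {"pid": 1234, "image": WSCRIPT, "api": "RegOpenKeyExW",
     "args": {"key": "HKCU\\Control Panel\\International\\Geo"}},
    {"pid": 1234, "image": WSCRIPT, "api": "RegQueryValueExW",
     "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}},
    {"pid": 1234, "image": WSCRIPT, "api": "CreateFileW",
     "args": {"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\"
                      "Start Menu\\Programs\\Startup\\INV.-OUTSTANDING-PAYMENT.js"}},
    {"pid": 1234, "image": WSCRIPT, "api": "CopyFileW",
     "args": {"path": "C:\\Windows\\System32\\update.js"}},
    {"pid": 1234, "image": WSCRIPT, "api": "connect",
     "args": {"dst": "198.51.100.7:7777"}},
    # Benign noise: a browser connecting out, and a temp-file write by the script.
    {"pid": 5678, "image": "C:\\Program Files\\Browser\\browser.exe", "api": "connect",
     "args": {"dst": "203.0.113.5:443"}},
    {"pid": 1234, "image": WSCRIPT, "api": "CreateFileW",
     "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\tmp1.txt"}},
]

if __name__ == "__main__":
    for sig, idxs in triage(SAMPLE_TRACE).items():
        print(f"{sig}: events {idxs}")
```

Run as-is it reports the two registry reads as the location check, the Startup-folder write as the startup drop, the System32 copy as the System32 drop, and only the wscript.exe connection (not the browser's) as the blocklisted network request. Note that registry reads are not visible in Sysmon, so a real implementation of the location-check signature needs an API-monitoring source like a sandbox trace, not endpoint event logs.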
