General

  • Target

    8642807120.zip

  • Size

    17KB

  • Sample

    221227-vrz79aae81

  • MD5

    640b4598045f494f460368f9e95497b6

  • SHA1

    60df48b016c210d33e1cd489643bb2bc4a11ff3a

  • SHA256

    fb7ed6e839a15f07b1d2ff1b99f0a44e0e0dda38663d2788a1253e79e4f62e60

  • SHA512

    b5e8bcc886408a375b3a59d57dea1f16c0bc80ddc0ea270bddbf80efd0de657733cef29b77043360e6b467a62f4f944c93aa95bb3be4126c7cdccbf9ab7d1dfe

  • SSDEEP

    384:7o/wk11eta0HxkX0SKC5qRLoNnBbrnXLN1hE1c+ZilFp9Gw+LOD0TnrIFTCjIm:7o4TtasLLC5qRinBXnbxEwLpYZrIFWjn

Targets

    • Target

      754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267

    • Size

      48KB

    • MD5

      8aa5dd5a8392d399292fd831f9ebc486

    • SHA1

      b7815f4df84394870dd7ca91c731fe606f726afd

    • SHA256

      754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267

    • SHA512

      82b1f15b16f4f73947165084ecdcf9ef28ec02f29ceb86eb1ba831c9b2d561d72c311965532a363bd03cbcca0f8497acf8e9a3672c29a86cfe71ef1aa4e4e78a

    • SSDEEP

      768:9ELx847vqNaCQVUmobI2iSi5B7sqkl3enKxNH7sse:W4Q8xsB7sqkW8NHI5

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript. It is executed by the Windows Script Host (wscript.exe) rather than shipped as a compiled binary, so the 48KB file extracted from the 17KB archive is the script itself.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist made an outbound network request; for JavaScript malware this is usually the script host (wscript.exe or cscript.exe) rather than a dropped binary.

    • Checks computer location settings

      Reads the country code configured in the registry (the user's region setting), most likely to geofence execution: the sample can refuse to run, or behave differently, in regions the operator wants to avoid. The sandbox's configured region therefore affects whether the full behaviour is observed.

    • Drops startup file

      Writes a file into a Startup folder so that the Windows shell launches it at every logon.

    • Adds Run key to start application

      Creates a value under a ...\CurrentVersion\Run key, a second logon-persistence mechanism alongside the Startup folder entry.
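
The signatures above tell a responder what to look for on a host: a Run value or Startup folder entry that relaunches a script at logon, and file hashes matching the report. The following Python script is an added example written for this page, not sandbox output or code from the Vjw0rm sample: it parses `reg query` output for Run values that launch a script host or a script file, flags script files in a Startup folder listing, and matches file bytes against the two SHA256 values in this report. The Run value name `Q1ZMR7`, the paths and the folder listing are constructed sample input; the watch-list of script hosts and extensions is an assumption, not something the report states.

```python
"""Hunt for the persistence artifacts this report attributes to Vjw0rm.

Added example, not part of the sandbox report. It parses `reg query` output
for Run values that launch a script host or script file, flags script files in
a Startup-folder listing, and matches file hashes against the report's SHA256
IOCs. The registry text and folder listing below are constructed sample data.
"""
import hashlib
import re

# SHA256 values copied from the report: the submitted archive and the extracted sample.
REPORT_SHA256 = {
    "fb7ed6e839a15f07b1d2ff1b99f0a44e0e0dda38663d2788a1253e79e4f62e60": "8642807120.zip (submitted archive)",
    "754416cc0f441aef7bacb842368fd06744048c4219943d5bd093e2a7e17f9267": "extracted Vjw0rm JavaScript sample",
}

# Assumed watch-list: hosts and extensions a JavaScript RAT needs to relaunch at logon.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXT_RE = re.compile(r"\.(?:js|jse|vbs|vbe|wsf|hta)(?:[\"']|\s|$)", re.IGNORECASE)

# One value line of `reg query` output: <indent><name>    <REG_type>    <data>
REG_VALUE_RE = re.compile(r"^\s{2,}(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# Constructed `reg query HKCU\...\Run` output: one benign value and one script-host launch.
RUN_KEY_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Q1ZMR7      REG_SZ    wscript.exe //B "C:\Users\bob\AppData\Roaming\Q1ZMR7.js"
"""

# Constructed listing of a user's Startup folder (the script name is invented).
STARTUP_LISTING = ["desktop.ini", "Q1ZMR7.js"]


def sha256_bytes(data: bytes) -> str:
    """SHA256 hex digest, the form the report uses for its IOCs."""
    return hashlib.sha256(data).hexdigest()


def match_report_hash(data: bytes):
    """Label from the report if the blob's SHA256 is one of its IOCs, else None."""
    return REPORT_SHA256.get(sha256_bytes(data))


def parse_reg_query(text: str):
    """Turn `reg query <key>` output into (key, value_name, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data").strip()))
    return entries


def is_script_launch(command: str) -> bool:
    """True if a Run value invokes a script host or points at a script file."""
    low = command.lower()
    return any(host in low for host in SCRIPT_HOSTS) or SCRIPT_EXT_RE.search(low) is not None


def flag_run_values(reg_text: str):
    """Run values that would relaunch a JavaScript RAT at logon."""
    return [e for e in parse_reg_query(reg_text) if is_script_launch(e[2])]


def flag_startup_files(filenames):
    """Startup-folder entries that are scripts rather than shortcuts or binaries."""
    return [f for f in filenames if SCRIPT_EXT_RE.search(f)]


if __name__ == "__main__":
    for key, name, data in flag_run_values(RUN_KEY_OUTPUT):
        print(f"[Run key] {key}\\{name}: {data}")
    for name in flag_startup_files(STARTUP_LISTING):
        print(f"[Startup] {name}")
    # On a live host, feed real output instead: `reg query HKCU\...\Run` (and the HKLM
    # key), a Startup folder listing, and file bytes to match_report_hash() for the IOCs.
```

Matching on the script host as well as the extension catches both a Run value that names wscript.exe explicitly and one that relies on the .js file association; a compiled RAT would need a different watch-list, and a value that has since been deleted leaves only the Startup folder file and the hashes to go on.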

MITRE ATT&CK Enterprise v6

Tasks