General

  • Target

    252f829dcb9c1525934fe45286bd2957

  • Size

    3.9MB

  • Sample

    231231-dbyk2sddd3

  • MD5

    252f829dcb9c1525934fe45286bd2957

  • SHA1

    f1bb827c11144a2619842ee443b501d4a43e4dec

  • SHA256

    c0a7609a761fa19573c36edd731cf45e9bd16b7a831d8918c919b9955bcb380d

  • SHA512

    2ca1f8685ec095dd072bb53d6107b928fc5c7f79fd400cc96cf4ded5ab4411a68e464419d097fc6b450f773ea87eb42ce1cf21c020c0c067ff37de65cdc5b48f

  • SSDEEP

    98304:qb8Hted1N2mcuVkch0CoSvmQAlXF6GN/Asr3/OWtvvo:qQNO/rkczoSeffL/z3/OCo

Targets

    • Target

      252f829dcb9c1525934fe45286bd2957

    • Size

      3.9MB

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
