General

  • Target

    57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77.exe

  • Size

    8.7MB

  • Sample

    241203-q2153sxrbt

  • MD5

    80add80d0def80a44a491a31f18de4f8

  • SHA1

    519a96705528c5842291e0bc7eafabd59b0c4f57

  • SHA256

    57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77

  • SHA512

    4c112331d1e82e8175e82f4862919f7b1dfc62861e07187b35a6612a9b27eb4efc701936edf989887aacbd408200ed881314e3c0d3e20e646f7d023a777c2338

  • SSDEEP

    196608:eDq9xBWOQiznaMYaaSDaJThbnFG3gOn4e11bUNhOsOqBOxda7Zy:kq96OQizaMAbThR6gC4ShPFqM87Zy

Malware Config

Targets

    • Target

      57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77.exe

    • Size

      8.7MB

    • MD5

      80add80d0def80a44a491a31f18de4f8

    • SHA1

      519a96705528c5842291e0bc7eafabd59b0c4f57

    • SHA256

      57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77

    • SHA512

      4c112331d1e82e8175e82f4862919f7b1dfc62861e07187b35a6612a9b27eb4efc701936edf989887aacbd408200ed881314e3c0d3e20e646f7d023a777c2338

    • SSDEEP

      196608:eDq9xBWOQiznaMYaaSDaJThbnFG3gOn4e11bUNhOsOqBOxda7Zy:kq96OQizaMAbThR6gC4ShPFqM87Zy

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Vjw0rm family

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks