General

  • Target: wynwormi (1).js
  • Size: 6KB
  • Sample: 221020-md1ymahec2
  • MD5: c02658d3892d92f451f860901be1ff6e
  • SHA1: 68364e2a981abc87db70afd28c9b70d83c4f25fb
  • SHA256: bdd8a1389c36a9be565f526e3c590b4c4eabbc946b8d25d6791e334aa090ffed
  • SHA512: 87373410957f63273f21d867d5572119912cadf0f0114bfe2b840fa5eaf7b209f4f38b3032c65a7f031e3cdf93e0ce02017809c6c7e213620f44b474dce98f97
  • SSDEEP: 192:zkiLVbdiHOTZ81U/MBAMzeEC1qOZow5mP8ZMjQaQq59u2PwMpSA20o3UPCv+KXr5:TIIqkosXr4+LSh9fFHvfBE

Malware Config

Extracted

  • Family: vjw0rm
  • C2: http://45.139.105.174:6605

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application
