General

  • Target

    PO #201022.js

  • Size

    21KB

  • Sample

    221020-s6gncacbg2

  • MD5

    f74ced094ebe99fa0915b28a2a8a9fc7

  • SHA1

    49f432ab21bb4c1ea62ddbec657f1738755ebf20

  • SHA256

    dbd9fa524d604f5176c0a630dc6a33ad882a4ad924f32d0d8e926b2282830b4d

  • SHA512

    a9d680d940b7c39b0a4cea264aafd2efa4fbfb8e707c36ec6cfc427be0c80cc43effd3e49ddfc8beeb8f6f2eef01b91683729cca058994270ec111d00efb69ec

  • SSDEEP

    384:caxGJXaVaJGvXNJvkHqBbY4Axobnu+1dHCrfnep0mKbx2R6j98FTApF0Z6/tfmBS:cXJXdkNqHqBU4CobuAsU01b8Teo61feS

Score
10/10

Malware Config

Extracted

Family

vjw0rm

C2

http://breakchian.duckdns.org:7974

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file
