General
- Target: PO.js
- Size: 5KB
- Sample: 221101-k2qrfsahhm
- MD5: 2847ee58cb7ef2bc9d410ad73a15961f
- SHA1: 701a342c49ec6d2c802847157e6a68154168bbf8
- SHA256: 6b12cfb0d109c8944d64556320bb63e2b0a287b8583c16cc4eb3b32f86fe31c8
- SHA512: 3245868c4700d28843fc98e6e15eefc269da745b334bc3678f1710d1a7520305bfd5dc2c2cc87ebdd6e114f850eebcb69b55d3f2297d560b5d55621203ee78e6
- SSDEEP: 96:u9GyFqVgE4DBLSjsg2B7pikxVHFQba/40zpzw4wu+huzLsFZZRKC8CEsrYcshAiR:VuEgBOwZFiO+a/40zNw4wFSLYZRHEsrs
Static task
- static1

Behavioral task
- behavioral1
  - Sample: PO.js
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: PO.js
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: vjw0rm
  - C2: http://212.193.30.230:6505
- Extracted: wshrat
  - C2: http://212.193.30.230:3605
  - C2: http://212.193.30.230:7780
Targets
- Target: PO.js
- Size: 5KB
- MD5: 2847ee58cb7ef2bc9d410ad73a15961f
- SHA1: 701a342c49ec6d2c802847157e6a68154168bbf8
- SHA256: 6b12cfb0d109c8944d64556320bb63e2b0a287b8583c16cc4eb3b32f86fe31c8
- SHA512: 3245868c4700d28843fc98e6e15eefc269da745b334bc3678f1710d1a7520305bfd5dc2c2cc87ebdd6e114f850eebcb69b55d3f2297d560b5d55621203ee78e6
- SSDEEP: 96:u9GyFqVgE4DBLSjsg2B7pikxVHFQba/40zpzw4wu+huzLsFZZRKC8CEsrYcshAiR:VuEgBOwZFiO+a/40zNw4wFSLYZRHEsrs
Score: 10/10

Signatures
- WSHRAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.