General
Target: wyrecover (1).js
Size: 188KB
Sample: 221104-vsk5qabahn
MD5: fffb69df585df4ed900ba69aef15c41e
SHA1: 2e8e68b4616e28fa4d829cfe1a47e2a2006c9fb4
SHA256: ad718edd0bead205d5c8e0dc326a5c89ca3ba177914e6d16fe03a09c5f9984f3
SHA512: 0494c53e766375fe4b3f56725e65743cf92835a38bf60d3095ace26b9a947dd840282de2f93d3b333dcaf3ba6fd287cf3a7219b722e8f4f92c5c8210b86b97c4
SSDEEP: 3072:GZebURCmAvEzHveGK/63H5pjOjOfQ0bamXbIpklgVDSxGfmuZJR:SRChmveGKyH5pjOjOoMhAklgF2GuuZ/
Behavioral task: behavioral1
Sample: wyrecover (1).js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: wyrecover (1).js
Resource: win10v2004-20220901-en
Malware Config
Extracted
wshrat
http://45.139.105.174:3670
Targets
Target: wyrecover (1).js
Score: 10/10
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.