General

  • Target: Order_1000213789.PDF.js
  • Size: 22KB
  • Sample: 231024-jltmqsbe5z
  • MD5: f82e5618177e656fb110dca5c85f8f6c
  • SHA1: 23bd788c1ac23a348513aefb0dc2f6e39d1261d0
  • SHA256: 95281ecb56d0fa65d5d46d6ee034e955c72413c7272d1634afbbb7211555bb91
  • SHA512: cb005091bdbd87277de40409c2be840abdfcc91019ef6d0fba5c522e7056155cae06302d4cc037a07f17cdc48bca1c3383c269510706386200892553d52ac7a7
  • SSDEEP: 384:2QC2q9GT4Il9gHgLWViTwSqKTCsLzKc5YqPlkB+T6inMNcqyj8Wj4aKfC:e2LTz6V6q6CsLWcaqPl3WinM+qZE4aN

Malware Config

Extracted

  • Family: vjw0rm
  • C2: http://severdops.ddns.net:5050

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks