General

  • Target

    b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c (1)

  • Size

    23KB

  • Sample

    240327-p3m46sff3t

  • MD5

    9adebc3e15bf17b0095fd958e634b659

  • SHA1

    75587f0e6094b057fd4c3ec85b5283d84b3cf95a

  • SHA256

    b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c

  • SHA512

    5b6695670b1e121e82d1b0ecc38903e8ffae2ce23c696aae37d9d261ec8977bc1f22c9fa9da400a7e379984eab01ec85bfd29014b85766c587d206a327ec40bc

  • SSDEEP

    384:dJ4yLFLjlyW/XExNnu6kYgeb63t8jjXVqfa8wWZdPuJrrHtldszaxfc/fMAKk:/NLjlJCuvY363t8PsS8ju1dszaRiMAKk

Malware Config

Extracted

Family

vjw0rm

C2

http://severdops.ddns.net:5050

Targets

    • Target

      b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c (1)

    • Size

      23KB

    • MD5

      9adebc3e15bf17b0095fd958e634b659

    • SHA1

      75587f0e6094b057fd4c3ec85b5283d84b3cf95a

    • SHA256

      b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c

    • SHA512

      5b6695670b1e121e82d1b0ecc38903e8ffae2ce23c696aae37d9d261ec8977bc1f22c9fa9da400a7e379984eab01ec85bfd29014b85766c587d206a327ec40bc

    • SSDEEP

      384:dJ4yLFLjlyW/XExNnu6kYgeb63t8jjXVqfa8wWZdPuJrrHtldszaxfc/fMAKk:/NLjlJCuvY363t8PsS8ju1dszaRiMAKk

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Adds Run key to start application
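The signatures above describe four host-observable behaviours: a Run-key entry, a script dropped into a Startup folder, a registry country-code lookup, and network traffic to the reported C2. The following PowerShell host-triage script is an added example (not part of the Triage report and not code from the vjw0rm sample) that checks a Windows host for those indicators. It assumes the Run-key value or Startup file references a script host or a .js/.vbs payload, that the "Checks computer location settings" signature refers to HKCU\Control Panel\International\Geo (an assumption, since the report does not name the value), and that the C2 host and port are the ones in the Malware Config section. Run it in an elevated PowerShell session on the host under investigation.

```powershell
# Added host-triage example, not code from the Triage report or the vjw0rm sample.
# Indicators taken from the report: Run-key persistence, Startup-folder drop,
# registry country-code lookup, C2 severdops.ddns.net:5050, sample SHA256.
# The Geo\Nation path is an assumption about which value the geofence check reads.

$C2Host       = 'severdops.ddns.net'
$C2Port       = 5050
$SampleSha256 = 'b4600e88132bd5d2308d8fc618117448e8d8553abcd86a31e039dcaef6c8a78c'
# Run-key values that launch a script host or a script file are suspicious for a JS RAT
$ScriptHostRe = '(?i)wscript|cscript|mshta|\.jse?\b|\.vbs\b|\.wsf\b'

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. Run / RunOnce keys ("Adds Run key to start application")
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
        if ("$($p.Value)" -match $ScriptHostRe) {
            Add-Finding 'RunKey' "$key\$($p.Name)" "$($p.Value)"
        }
    }
}

# 2. Per-user and all-users Startup folders ("Drops startup file")
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -match '^\.(js|jse|vbs|vbe|wsf|lnk)$' } |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
            $tag  = if ($hash -eq $SampleSha256) { 'MATCHES reported sample' } else { 'unknown script' }
            Add-Finding 'StartupFile' $_.FullName "$tag sha256=$hash"
        }
}

# 3. Registry country code the geofence check is assumed to read
#    ("Checks computer location settings"); record it so the analyst can see
#    whether this host would have been inside or outside the fence.
$geoKey = 'HKCU:\Control Panel\International\Geo'
$geo = Get-ItemProperty -Path $geoKey -ErrorAction SilentlyContinue
if ($geo) {
    Add-Finding 'GeoValue' $geoKey "Nation=$($geo.Nation) Name=$($geo.Name)"
}

# 4. C2 contact: cached DNS answers and live TCP connections to the reported port
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$C2Host*" } |
    ForEach-Object { Add-Finding 'DnsCache' $_.Entry "$($_.Data)" }

Get-NetTCPConnection -RemotePort $C2Port -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        Add-Finding 'TcpConnection' "$($_.RemoteAddress):$($_.RemotePort)" `
            "state=$($_.State) pid=$($_.OwningProcess) proc=$($proc.ProcessName)"
    }

# 5. Script hosts still running; a JS RAT lives inside wscript.exe/cscript.exe
Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
    ForEach-Object { Add-Finding 'ScriptHost' "pid=$($_.ProcessId)" "$($_.CommandLine)" }

$findings | Format-Table -AutoSize
```

A hit on the Run key or Startup folder is the strong signal; the Geo value on its own is benign configuration and is recorded only so the analyst knows which country code the sample would have seen. The DNS-cache check depends on the cache not having been flushed, and the TCP check only catches a session that is open at the moment the script runs, so an empty result for those two does not clear the host.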

MITRE ATT&CK Enterprise v15

Tasks