General
Target: 211325afecc4756847d5964f312e0a56.exe
Size: 1.1MB
Sample: 221008-tagh5sfagk
MD5: 211325afecc4756847d5964f312e0a56
SHA1: c3479dcf0edf80bf3549c63c403e0b6c2d38e1dc
SHA256: 1cc62bcf5d8ec1beb8d7414e95aac964b31d0fcdca01f5dabfbd979ba7f44ad9
SHA512: 4baa3170c5d2462f48912b201493ea1c938aa8d946b9578543035e8592196c83fce4a15f0f7233e25c6302a900b4e47cc7dd83594e7d06fdac3a93a220b1a9eb
SSDEEP: 24576:DRSs5A7kY+1Bk6BJsOIbBBp2XyHTiYuRLwOvIYtZ:DxA7d+1Bk6pI1BAyZuRLEg
Static task: static1
Behavioral task: behavioral1, sample 211325afecc4756847d5964f312e0a56.exe, resource win7-20220812-en
Behavioral task: behavioral2, sample 211325afecc4756847d5964f312e0a56.exe, resource win10v2004-20220812-en
Malware Config
Extracted
Family: njrat
im523
hackmine141
C2: 6.tcp.eu.ngrok.io:16211
85da80f4a8dee96549d096ddac33fdf4
reg_key: 85da80f4a8dee96549d096ddac33fdf4
splitter: |'|'|
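The extracted `splitter` is the field separator njRAT uses on the wire: every message is sent as a decimal length, a NUL byte, then the payload, and fields inside the payload are joined with `|'|'|`. The following decoder is an added example, not code from the tria.ge report or from njRAT itself. It takes the splitter and C2 from the config above; the field layout of the `ll` registration beacon (command, base64 victim id, campaign id, OS string, camera flag, version) is assumed from public njRAT write-ups, the page does not state it, and the page also does not label which of `im523` and `hackmine141` is the campaign id, so the sample traffic below is constructed and places `hackmine141` in the campaign slot purely as an assumption.

```python
import base64
import re

# Values taken from the extracted config on this page (splitter and C2 are
# labelled there; the other fields are not, so they are not relied on here).
NJRAT_CONFIG = {
    "c2_host": "6.tcp.eu.ngrok.io",
    "c2_port": 16211,
    "reg_key": "85da80f4a8dee96549d096ddac33fdf4",
    "splitter": "|'|'|",
}

# njRAT framing: "<decimal length>\x00<payload>", fields joined by the splitter.
_LEN_PREFIX = re.compile(rb"(\d+)\x00")


def build_frame(fields, splitter=NJRAT_CONFIG["splitter"]):
    """Encode one message the way an njRAT client does (used here to construct test traffic)."""
    payload = splitter.encode().join(f.encode() for f in fields)
    return str(len(payload)).encode() + b"\x00" + payload


def parse_frames(stream, splitter=NJRAT_CONFIG["splitter"]):
    """Split a captured TCP byte stream into njRAT frames.

    Returns (frames, leftover): frames is a list of field lists, leftover is
    any trailing bytes that do not yet form a complete frame (TCP segmentation),
    so the caller can prepend them to the next chunk.
    """
    sep = splitter.encode()
    frames, pos = [], 0
    while pos < len(stream):
        m = _LEN_PREFIX.match(stream, pos)
        if not m:
            raise ValueError(f"no njRAT length prefix at offset {pos}")
        length = int(m.group(1))
        start, end = m.end(), m.end() + length
        if end > len(stream):
            break  # incomplete frame, keep it as leftover
        payload = stream[start:end]
        frames.append([f.decode("utf-8", "replace") for f in payload.split(sep)])
        pos = end
    return frames, stream[pos:]


def summarize_beacon(fields):
    """Interpret a registration beacon ("ll" command).

    Field layout is an assumption from public njRAT write-ups, not from this page:
    ll | base64(victim id) | campaign id | OS string | camera flag | version | ...
    """
    if len(fields) < 4 or fields[0] != "ll":
        return None
    victim = base64.b64decode(fields[1]).decode("utf-8", "replace")
    return {"victim": victim, "campaign": fields[2], "os": fields[3]}


# Constructed sample traffic, not a capture from the sandbox run.
SAMPLE_STREAM = (
    build_frame(["ll", base64.b64encode(b"HacKed_ABCDEF12").decode(),
                 "hackmine141", "Win 7 Ultimate SP1 x86", "No", "im523"])
    + build_frame(["inf", "5", "1.10"])
    + b"40\x00ll|'|'|trunc"  # length says 40 bytes but only 12 arrived: incomplete
)


def demo():
    frames, leftover = parse_frames(SAMPLE_STREAM)
    return [summarize_beacon(f) or f for f in frames], leftover


if __name__ == "__main__":
    print(demo())
```

Because the length prefix is decimal ASCII rather than a fixed-width integer, a stream reassembler has to scan for the NUL terminator before it knows where the payload starts; `parse_frames` does that and hands back the unconsumed tail so it can be fed again once the next TCP segment arrives.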
Targets
Target: 211325afecc4756847d5964f312e0a56.exe (hashes as listed under General)
Score: 10/10
Signatures
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows AutoRun to spread to attached removable volumes.
- Suspicious use of NtSetInformationThreadHideFromDebugger
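The behavioural signatures above expressed as host-based detection logic, as an added example that is not part of the tria.ge report. It runs over constructed Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set) and uses the C2 and `reg_key` from the extracted config. The exact `netsh firewall add allowedprogram` form, the `HKCU\...\CurrentVersion\Run\<reg_key>` persistence path and the root-of-volume `autorun.inf` location are njRAT behaviours taken from public analyses, not facts this page states; the event records and paths are constructed.

```python
import re

# Indicators from this report's extracted config.
C2_HOST = "6.tcp.eu.ngrok.io"
C2_PORT = 16211
REG_KEY = "85da80f4a8dee96549d096ddac33fdf4"

# Constructed Sysmon-style events (simplified field names), not sandbox output.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\u\AppData\Roaming\server.exe" "server.exe" ENABLE'},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\85da80f4a8dee96549d096ddac33fdf4",
     "Details": r"C:\Users\u\AppData\Roaming\server.exe .."},
    {"EventID": 11, "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 3, "DestinationHostname": "6.tcp.eu.ngrok.io", "DestinationPort": 16211},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

# Both the legacy "netsh firewall" and the newer "netsh advfirewall" syntax.
NETSH_FW = re.compile(r"netsh\s+(advfirewall\s+firewall\s+add\s+rule|firewall\s+add\s+allowedprogram)", re.I)
# Value written under a per-user or machine Run key; group 1 is the value name.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)
# autorun.inf created at the root of a drive letter (removable media spreading).
AUTORUN_ROOT = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)


def match_event(ev):
    """Return the signature names one event triggers (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1 and NETSH_FW.search(ev.get("CommandLine", "")):
        hits.append("Modifies Windows Firewall")
    if eid == 13:
        m = RUN_KEY.search(ev.get("TargetObject", ""))
        if m:
            hits.append("Adds Run key to start application")
            if m.group(1).lower() == REG_KEY:
                hits.append("njRAT reg_key from extracted config")
    if eid == 11 and AUTORUN_ROOT.match(ev.get("TargetFilename", "")):
        hits.append("Drops autorun.inf file")
    if eid == 3:
        host = ev.get("DestinationHostname", "").lower()
        if host == C2_HOST and ev.get("DestinationPort") == C2_PORT:
            hits.append("Connects to njRAT C2 from extracted config")
        elif host.endswith(".ngrok.io"):
            hits.append("Connects to ngrok tunnel")
    return hits


def scan(events):
    """Run every event through match_event; returns (event index, signature) pairs."""
    return [(i, h) for i, ev in enumerate(events) for h in match_event(ev)]


if __name__ == "__main__":
    for idx, sig in scan(SAMPLE_EVENTS):
        print(idx, sig)
```

The generic checks (firewall exception, Run key, autorun.inf, ngrok tunnel) catch the technique regardless of sample, while the two config-derived checks pin the activity to this specific build; in practice the ngrok TCP endpoint rotates, so the host check is the first indicator to go stale.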