Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765
-
Size
72KB
-
Sample
221011-hz6zjsbgdp
-
MD5
67d9264622cde2684cd76d491685e0c0
-
SHA1
c6929603317c313d78e08b4a900361cf4ba952c6
-
SHA256
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765
-
SHA512
72daedee180d9a6fc0c12293650ab1b709960c8d0643f497adce776bd6e61f552cd3fa8325a2da27c9537daaf0bc5f6e491eb5ed2de6e610780771b09493241f
-
SSDEEP
1536:IPV3C2bm1JbKCMUmbScj1zDZhAjBZMvcE3v78:mVX+6UkScZ3+BZMvtv78
Static task
static1
Behavioral task
behavioral1
Sample
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
wildsafari.no-ip.info:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765
-
Size
72KB
-
MD5
67d9264622cde2684cd76d491685e0c0
-
SHA1
c6929603317c313d78e08b4a900361cf4ba952c6
-
SHA256
961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765
-
SHA512
72daedee180d9a6fc0c12293650ab1b709960c8d0643f497adce776bd6e61f552cd3fa8325a2da27c9537daaf0bc5f6e491eb5ed2de6e610780771b09493241f
-
SSDEEP
1536:IPV3C2bm1JbKCMUmbScj1zDZhAjBZMvcE3v78:mVX+6UkScZ3+BZMvtv78
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-