General
Target: fd834aa1b60c3f0ad7969d9cc626b5afc5ab93f45b1bb197551beaf2b56a90b5
Size: 13KB
Sample: 221125-zsf8zshe5x
MD5: 5139964bad6734455085ab040eb9eeda
SHA1: c8a4609f17815536e3d3e22647aa7930c63e5d9f
SHA256: fd834aa1b60c3f0ad7969d9cc626b5afc5ab93f45b1bb197551beaf2b56a90b5
SHA512: 1b0ddf51a2d7173a20654a48689b3aaddc25219025d61a3902821bfee1fe4dbfc7fbc09ef8dd13631decb92fb023f0425f85865e6585b3a2f9e4e0180c4075c8
SSDEEP: 384:aMir3BPlJmE0nbC4/wIKzwlKRozN5wNaEV7:5IXJ/MeAwIcwuI5wQEZ
Behavioral task
behavioral1
Sample: Server.exe
Resource: win7-20220901-en
Malware Config
Extracted
njrat
0.6.4
hacked
niras.no-ip.org:1177
5cd8f17f4086744065eb0992a09e05a2
reg_key: 5cd8f17f4086744065eb0992a09e05a2
splitter: |'|'|
Targets
Target: Server.txt
Size: 29KB
MD5: f7d0b25c3115647720776246e58f066a
SHA1: 7126e6a1e589245a84733375c25c598ad79c6d17
SHA256: 9f45c1e83903345f6e2327b3efa04767549b5732a80d9a67374182c65f110660
SHA512: 10c5188f4e583cea6e3c098de19db1a3a2fe7b3be14e5fc61e1c5d447f1b16333c174862b47a6cca41a5e7c2cb7067cc172b9e56bf6954c100f721210dcb8654
SSDEEP: 768:aQv/27NYsDkfZPoIqlHepBKh0p29SgRru:Pm7N143wEKhG29jru
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application