General
- Target: 2c1fd59ada63ebd87def7bda6f66a2494e2e21ff971022bb42b175617c398a95
- Size: 911KB
- Sample: 221127-wt1ggace3v
- MD5: 5947d179c77c96f7a4b174d277725383
- SHA1: f925ac6d657e01b5281c0cb1e5aaf01beddb8281
- SHA256: 2c1fd59ada63ebd87def7bda6f66a2494e2e21ff971022bb42b175617c398a95
- SHA512: 9625c7406a8f501996242bdffdef259f3804b23b6ddac53d74be2e3a4cd1ced12a0ab4bd91cf91dded4d9003f1bee7122c56d47ab54b9e48dbcea54522755fdf
- SSDEEP: 12288:Atb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga+r91G0X6A:Atb20pkaCqT5TBWgNQ7a+r9FX6A
Static task: static1
Behavioral task: behavioral1
- Sample: 2c1fd59ada63ebd87def7bda6f66a2494e2e21ff971022bb42b175617c398a95.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 2c1fd59ada63ebd87def7bda6f66a2494e2e21ff971022bb42b175617c398a95.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: hamza
- C2: rrs123.no-ip.org:60
- Mutex: 6188e1c717e994538c5502a5488c8d23
- reg_key: 6188e1c717e994538c5502a5488c8d23
- splitter: |'|'|
Targets
- Target: 2c1fd59ada63ebd87def7bda6f66a2494e2e21ff971022bb42b175617c398a95
- Score: 10/10
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext