General
Target: c4cfbb0106571122d1cc4364513e7803.exe
Size: 596KB
Sample: 230612-dplhmsbc6x
MD5: c4cfbb0106571122d1cc4364513e7803
SHA1: 1a3a7b1357ed56b0183d03ee4b859659cc68f986
SHA256: a54a3ca8ce01f7e9855d4d47d35bc82520ebd8d16a77df24e398b220d86d445d
SHA512: 36a13d91a28d051fbf7c611d3c6ef7014ee8bcddc2ce5bca72f094f70bd0dbfb99a50025455203f0fabb60c61afc89aabf2e41f70aac5349372a146500eaefaa
SSDEEP: 12288:ugZXEAO/BUdG3gVdt7KT4OIC4J84wHM5Qiu62PJr+ymhm:ugZXoZUTVdt7KTxoSs5QhCymhm
Static task: static1
Behavioral task: behavioral1
Sample: c4cfbb0106571122d1cc4364513e7803.exe
Resource: win7-20230220-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
2.tcp.eu.ngrok.io:19328
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2