Submitted: 07/07/2023, 09:59
Analysis ID: 230707-lz275sgc54
Score: 10

General
Target: 14052163e50c197697c64b1431b42271.exe
Size: 17.6MB
Sample: 230707-lz275sgc54
MD5: 14052163e50c197697c64b1431b42271
SHA1: df301332faa73c3d5f915fde61df2fc9de21a61a
SHA256: 4e0ddcd303f27c01dcc8a35a9bd821c53fb7dcca474ac7f0c84d3c6451e9f778
SHA512: 124f6fb9812fe56fc9428a53206e67ada7a5221bbac08204c52fc9df970a492f133ac3911b1cfd2a76c58b8921580f58b2f8d32db7395442549bdfefafc3bfab
SSDEEP: 393216:LOh37DR+wwmOoDxRz016TCORfagi8boLH6fQmQa9T1AE0Grq:g/FRxRzlRfPeLajLlg
Static task: static1
Behavioral task: behavioral1
Sample: 14052163e50c197697c64b1431b42271.exe
Resource: win7-20230703-en
Malware Config
Extracted (URL): https://files.catbox.moe/fvl5hy.jpg

Extracted (njrat)
Version: 0.7d
Campaign: fr
C2: francia.ydns.eu:5553
Mutex: 8721754955d2136ee214cac4b72b7338
reg_key: 8721754955d2136ee214cac4b72b7338
splitter: |'|'|

Extracted (wshrat)
C2: http://francia.ydns.eu:8000
Targets
Target: 14052163e50c197697c64b1431b42271.exe
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.