Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

AVI Reader.exe

windows7-x64

10

AVI Reader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AVI Reader.zip

  • Size

    39KB

  • Sample

    230908-y775ksfb85

  • MD5

    275a4ace9badbb4f53960907a03d0d0e

  • SHA1

    e563b20aa95a6ae2d6d849ceef9f360642bc7740

  • SHA256

    b6277dce9a2568e6b10d51b0b3ea3e63e9f97f40a6ea8f83163bd426d30a84e6

  • SHA512

    a3c8eb9abc3e2a2c3eaf8946390721c6edbe55b56c6147ffd933d5cb1bf48c7a1303ab450ad415c180504253b171ea1f26237d8accf145d99c50ada6ad2d964e

  • SSDEEP

    768:wEzNxPEIvSeEskUGFqHsrVJh9rAQPgRuF+7i64nlotYK/Z7hkmB0zcoAMJ:wUPtP8JhXh5AWYuF+7ietYUOLcoV

Score
10/10
njratxwormcheatspersistencerattrojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Cheats

C2

127.0.0.1:1

Mutex

smss.exe

Attributes
  • reg_key

    smss.exe

  • splitter

    |Ghost|

Extracted

Family

xworm

C2

192.168.2.133:1

217.229.108.168:1
Attributes
  • install_file

    USB.exe

Targets

    • Target

      AVI Reader.exe

    • Size

      49KB

    • MD5

      c3ec94cb1c15fbfd213aa5d5854b8e3f

    • SHA1

      65726604b29227377aadef41da87a7306c852f0c

    • SHA256

      87a340c6dc9b2e994fddc7edb764ab197ce3eb576c4456a89b9faddd5f28b0b4

    • SHA512

      e9cc11eb5e5e7426f9b8109e73194fccf989bfba3c04b73b78094946e79c5c31f3bb85d75193bc370b192836932a6bd8fdda1f3b5ff7b027a911b9bd7612aebf

    • SSDEEP

      1536:a7dS1EAd8II28ca2zhmamGJCKDRMcyEQXGNEPRbw1Rl:igEA6II2Da2zPf/XyEQSiRby

    Score
    10/10
    njratxwormcheatspersistencerattrojan

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks