Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win32.RATX-gen.30771.2599.exe
-
Size
268KB
-
Sample
231014-mww3dscf21
-
MD5
eac56810ae04fc2704b1b89559841ee3
-
SHA1
bbc1dad3bf50eb73a7dbb429ed4bb7016b860968
-
SHA256
b68d46be4a85016270a6cb5d11295225ae4fab655eada32344422edad43c155b
-
SHA512
86f1eb3164669f1a70944e17f29cc419e8d76ae3351665527af7e3f513b44a0e6ae2555bb3b869fd20b310c7de8e45480106e9483e72eb7a9c02f3167f1d25bb
-
SSDEEP
1536:c9H/84RBumqgVp+INHZs5zv2RHtPO19HRYkw+Uo4V8cv/SxDmjLg2BrIGd99XZGY:yEvgVHNHTRNPgRX1SvnlBrII/J+M
Malware Config
Extracted
originbotnet
https://joshua6440.nitrosoftwares.shop/gate
-
add_startup
false
-
download_folder_name
jfede1fc.mke
-
hide_file_startup
false
-
startup_directory_name
MnNshND
-
startup_environment_name
appdata
-
startup_installation_name
MnNshND.exe
-
startup_registry_name
MnNshND
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Targets
-
-
Target
SecuriteInfo.com.Win32.RATX-gen.30771.2599.exe
-
Size
268KB
-
MD5
eac56810ae04fc2704b1b89559841ee3
-
SHA1
bbc1dad3bf50eb73a7dbb429ed4bb7016b860968
-
SHA256
b68d46be4a85016270a6cb5d11295225ae4fab655eada32344422edad43c155b
-
SHA512
86f1eb3164669f1a70944e17f29cc419e8d76ae3351665527af7e3f513b44a0e6ae2555bb3b869fd20b310c7de8e45480106e9483e72eb7a9c02f3167f1d25bb
-
SSDEEP
1536:c9H/84RBumqgVp+INHZs5zv2RHtPO19HRYkw+Uo4V8cv/SxDmjLg2BrIGd99XZGY:yEvgVHNHTRNPgRX1SvnlBrII/J+M
Score10/10-
OriginBotnet
OriginBotnet is a remote access trojan written in C#.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-