Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win32.RATX-gen.5586.24858.exe
-
Size
541KB
-
Sample
231014-mwwrmacf2y
-
MD5
edbe2f8eda4005da44e877b8c2c99163
-
SHA1
09a8769cc7537dc7cde52c2747364fb17cac5fe8
-
SHA256
2e2112dfaed2fb60f86a66f02be3ab8bdba35e174e9d7e0c1e89d4f265cb23d1
-
SHA512
f733171e0b720a635d60a1fca7700d1384ca98095a70edbbc9e0e5b1bb4e34c28066fe50051d1e7013cf8248091ec2e8dfad2ac30636d81825e59d492f234aa8
-
SSDEEP
1536:VxH/84RBumqgiBxcSZgFj5zlNc+ZYo7/rfOTNcmltpsXnRCHlTigBVrFuOL5aZc0:fEvgiTcSsO4Yo7jfYLtp0yluOLb
Malware Config
Extracted
originbotnet
https://nitrosoftwares.shop/gate
-
add_startup
false
-
download_folder_name
4yyaqgto.m0g
-
hide_file_startup
false
-
startup_directory_name
hhlquS
-
startup_environment_name
appdata
-
startup_installation_name
hhlquS.exe
-
startup_registry_name
hhlquS
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Targets
-
-
Target
SecuriteInfo.com.Win32.RATX-gen.5586.24858.exe
-
Size
541KB
-
MD5
edbe2f8eda4005da44e877b8c2c99163
-
SHA1
09a8769cc7537dc7cde52c2747364fb17cac5fe8
-
SHA256
2e2112dfaed2fb60f86a66f02be3ab8bdba35e174e9d7e0c1e89d4f265cb23d1
-
SHA512
f733171e0b720a635d60a1fca7700d1384ca98095a70edbbc9e0e5b1bb4e34c28066fe50051d1e7013cf8248091ec2e8dfad2ac30636d81825e59d492f234aa8
-
SSDEEP
1536:VxH/84RBumqgiBxcSZgFj5zlNc+ZYo7/rfOTNcmltpsXnRCHlTigBVrFuOL5aZc0:fEvgiTcSsO4Yo7jfYLtp0yluOLb
Score10/10-
OriginBotnet
OriginBotnet is a remote access trojan written in C#.
-
Suspicious use of SetThreadContext
-