General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    240113-grgt1sdccr

  • MD5

    f75d40245059d28d2e3f8bcf5ec374e0

  • SHA1

    6163aae83ce7a99c7bcd279d13f90d3dec635fc5

  • SHA256

    dbce0db5f5d1aab5ec6076843ce330f80116138604d7d38206d348f2827885a9

  • SHA512

    432cd65b374e63fe1ab01c37d5fcc1f383d49163e02de1b37348ab9e9f4e22b8d8e21e00c0630b6c035aa8454ff5d37107ad933cb53bca6ee616760126ece9ab

  • SSDEEP

    384:g+SvEiTbTvpWNcZ0y8fvCv3v3dwLkacparAF+rMRTyN/0L+EcoinblneHQM3epzL:lS7TZ38fvCv3Vw1cQrM+rMRa8NuvTt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:17881

Mutex

97142a3c3ab0d5b8b4630083f1f9815d

Attributes
  • reg_key

    97142a3c3ab0d5b8b4630083f1f9815d

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    Score
    8/10
    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
