General
Target: Server.exe
Size: 37KB
Sample: 240113-grgt1sdccr
MD5: f75d40245059d28d2e3f8bcf5ec374e0
SHA1: 6163aae83ce7a99c7bcd279d13f90d3dec635fc5
SHA256: dbce0db5f5d1aab5ec6076843ce330f80116138604d7d38206d348f2827885a9
SHA512: 432cd65b374e63fe1ab01c37d5fcc1f383d49163e02de1b37348ab9e9f4e22b8d8e21e00c0630b6c035aa8454ff5d37107ad933cb53bca6ee616760126ece9ab
SSDEEP: 384:g+SvEiTbTvpWNcZ0y8fvCv3v3dwLkacparAF+rMRTyN/0L+EcoinblneHQM3epzL:lS7TZ38fvCv3Vw1cQrM+rMRa8NuvTt
Behavioral task: behavioral1
Sample: Server.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.eu.ngrok.io:17881
97142a3c3ab0d5b8b4630083f1f9815d
reg_key: 97142a3c3ab0d5b8b4630083f1f9815d
splitter: |'|'|
Targets
Target: Server.exe
Score: 8/10
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)