Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c35f831d409c55e4925e96f17c298126.exe
-
Size
43KB
-
Sample
240114-b9tnmshhgl
-
MD5
c35f831d409c55e4925e96f17c298126
-
SHA1
3cd4b6da23cb04e5dbe12d11562921f90a4c4464
-
SHA256
7053364c34ad127e351736677b20987ae51fef387ddbb3253b845c09491a2a07
-
SHA512
8376c6fe8aa6165bd81327f25e0034515a2d1d9e02c27e86504c05b33b82d780cf7210613615101246e7e0f3d9f6b3b5af9a8b98b2da501b0d207d0e80b67ab7
-
SSDEEP
384:s8ZyyHqGyCEFmVoybL/ldPCtm8CEdUDMghIzEIij+ZsNO3PlpJKkkjh/TzF7pWn3:s6TKGyVAVlbL/l5inoggYuXQ/os+L
Behavioral task
behavioral1
Sample
c35f831d409c55e4925e96f17c298126.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c35f831d409c55e4925e96f17c298126.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.ap.ngrok.io:18777
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
c35f831d409c55e4925e96f17c298126.exe
-
Size
43KB
-
MD5
c35f831d409c55e4925e96f17c298126
-
SHA1
3cd4b6da23cb04e5dbe12d11562921f90a4c4464
-
SHA256
7053364c34ad127e351736677b20987ae51fef387ddbb3253b845c09491a2a07
-
SHA512
8376c6fe8aa6165bd81327f25e0034515a2d1d9e02c27e86504c05b33b82d780cf7210613615101246e7e0f3d9f6b3b5af9a8b98b2da501b0d207d0e80b67ab7
-
SSDEEP
384:s8ZyyHqGyCEFmVoybL/ldPCtm8CEdUDMghIzEIij+ZsNO3PlpJKkkjh/TzF7pWn3:s6TKGyVAVlbL/l5inoggYuXQ/os+L
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-