General

  • Target

    ba01ead08a32fdc4048df2a6cd555663.bin

  • Size

    16KB

  • Sample

    240114-d7t8hacdh9

  • MD5

    34587a27910178dba304cf784631ace1

  • SHA1

    8aa5ae5f4fb1a36036f87e3a5674be099286aae4

  • SHA256

    b023f217d03dab1994e73e22c2e52bddbfa8bc978a3a76a724f0f559a9ad7287

  • SHA512

    4a4bd6f82a959465cc7bd582c820dfe63e65041e01e2bf7c28bdd18923adb5e07a5296364338a1c4b42c0f93298a9d4fc061b716ef6f6f10feb85b402edc44dc

  • SSDEEP

    384:ccrBpuW8WtT/Ns10IcMAKed68BP0wdVN0M2DaLRvgOoDKG:ccNpuW8Wtrq1hcMMz8wrN0JaV47KG

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:15595

Mutex

7d59e96b56ce3e3efefe1898b2888670

Attributes
  • reg_key

    7d59e96b56ce3e3efefe1898b2888670

  • splitter

    |'|'|

Targets

    • Target

      43bdfc9704b3cf395af87f2bee4d8e06ba314e99a545b32a5416249744dc6961.exe

    • Size

      37KB

    • MD5

      ba01ead08a32fdc4048df2a6cd555663

    • SHA1

      d4e659802b1c9c473c4072cc2450bb31e7719547

    • SHA256

      43bdfc9704b3cf395af87f2bee4d8e06ba314e99a545b32a5416249744dc6961

    • SHA512

      8d46a022386cb81225a2964f0d885b63842f2ba0bb5bdea8e323be81d429efbcdf5705a9c8e353e544edf1e816968a336c2f8759c66038adb47cbab59a46c7f4

    • SSDEEP

      384:MySvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXU:tS7TZ38fvCv3E1cQrM+rMRa8Nuzat

    Score
    8/10
    • Modifies Windows Firewall

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2
