General
Target: bSWK.exe
Size: 23KB
Sample: 240116-ck17vsbbar
MD5: 7261770666f41d4b65dc9590d0c4a1fd
SHA1: 7149ae39230bbeb78551d012c35e2f4470cd4077
SHA256: 9fcede2fe80c31c00102d9a01cbce1e6110c8d7f473d43111adbcd13fa877132
SHA512: 3da00e5532ed8c450625c6486aabf15c793745c55765d8840b712eae19e874cb3d29242881cf0551fb95aa44f390ebbcb61e01fbb0e35e6c5be930bf7e4b1ba2
SSDEEP: 384:Ys2aUrue9Bx0RPIxHVSul0M/GrUdw6jgFIqZZj1mRvR6JZlbw8hqIusZzZDb:PQ/ok1lzRpcnuA
Behavioral task: behavioral1
Sample: bSWK.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: bSWK.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted
njrat
0.7d
HacKed
safeprojectbr.duckdns.org:1010
3d483c4736411b81721a6cabe9329c70
reg_key: 3d483c4736411b81721a6cabe9329c70
splitter: |'|'|
Targets
Target: bSWK.exe
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1