General
Target: bSWN.exe
Size: 23KB
Sample: 240116-eqvclscgbn
MD5: 584546daa2033c86dc8478d932d1a3d6
SHA1: 2b6b2eb17bb356a6fe4255b243e27e04ba6d323b
SHA256: 02e505dc7b4b2c438d1413310777d2092c7f45753c9379f1b47dd4740728dda7
SHA512: 73ddf430d7949959ee6f5c482c8c40c0a852a0abc8da060bf69deae4646d1bb25adf375af6db93f13eb38dd65ca355fb92003e03b1bb3a904a70112f01f6d480
SSDEEP: 384:ts2aUrue9Bx0RPIxHVSul0M/GrUdw6jgFIqZZj1mRvR6JZlbw8hqIusZzZDZ:WQ/ok1lzRpcnu6
Behavioral task: behavioral1
Sample: bSWN.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: bSWN.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7d
HacKed
safeprojectbr.duckdns.org:1010
3d483c4736411b81721a6cabe9329c70
reg_key: 3d483c4736411b81721a6cabe9329c70
splitter: |'|'|
Targets
Target: bSWN.exe
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)