General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    240116-jx31jsghc8

  • MD5

    6270637041eefe471fcae916e84e8384

  • SHA1

    b6c32698180759438d38ab1fde3d4f95ba0d60af

  • SHA256

    09cb837feb57790dbf8dd3f3f7b26828f44a4611630ff1f32ed96e01c74c2388

  • SHA512

    2226ea3ae69853a95cb8dbc91f8d94c0fd7c1cbf17812ed9b7a4df19e07d968a3f60e7e8d7c9dbdf3e401594f4444a91c62d185b6aa60068c786cf2072925427

  • SSDEEP

    384:U0SvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXS:HS7TZ38fvCv3E1cQrM+rMRa8NuYPrt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:11739

Mutex

4a7a43feee28c700641651c12dfcf4b7

Attributes

  • reg_key

    4a7a43feee28c700641651c12dfcf4b7

  • splitter

    |'|'|

Targets

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
