Behavioral task: behavioral1
Sample: podgruz111.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: podgruz111.exe
Resource: win10v2004-20231215-en
General
Target: podgruz111.exe
Size: 93KB
MD5: 58d571e60b937b83d350e738104c24e3
SHA1: 6b07793dfb33618262e6f8dfe451fb34af3c5d7b
SHA256: dad10857dd0ac5947afa9cd37ced64cc597b8361f176d4ca52e721cad6efa857
SHA512: af6e6bf5ea4363af0a0541685bbbff6cb4a60d93bccf8dd6b77c3e4125a44fc9fd71a5020433bbdfb34aea171f75ee9cd1c1235fdf02a5fd5dd065ce9b53f3db
SSDEEP: 1536:W+EC+xhUa9urgOB9mNvM4jEwzGi1dDWDLgS:W+aUa9urgOidGi1dwE
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
tcp://6.tcp.eu.ngrok.io:13648
c94d5aa4ace5c033720681b083ec14b1
reg_key: c94d5aa4ace5c033720681b083ec14b1
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource podgruz111.exe
Files
podgruz111.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ