General
Target: D6E07886220DDE443F7EE7E7669C11FF.exe
Size: 377KB
Sample: 240121-n6r2vscdal
MD5: d6e07886220dde443f7ee7e7669c11ff
SHA1: bf35ccff13cebdb3d137f0bd154e51ab031d6066
SHA256: 619650da11fb47c9ba3848e5313272a558ff6e5d62d8cec55589ce7af19b4537
SHA512: 52fc9d6d06eca8652ec27c364a141ea0448eae63e5389183b02a9240c2fe5584168daf3b6568a94541a96f142b410cbe4671225d2308d7a9bbc020f68b86e0b9
SSDEEP: 3072:beF4lljDwYGftyh1PWTR+y2EhZ/rFrqqq2eZIYS+g4:b
Static task: static1
Behavioral task: behavioral1
Sample: D6E07886220DDE443F7EE7E7669C11FF.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: D6E07886220DDE443F7EE7E7669C11FF.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:13957
02924b9d757b06fa7a3ec3652e5fdc4f
reg_key: 02924b9d757b06fa7a3ec3652e5fdc4f
splitter: |'|'|
Targets
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2