General

  • Target

    0x000b00000001224f-8.dat

  • Size

    93KB

  • Sample

    240121-n83alschc7

  • MD5

    9040cb3dbe2e34705bc12e5a7d7258c8

  • SHA1

    1f0c63d580f2a2327387e6d61cd86b3dbff366f7

  • SHA256

    f2765ebf420d62efbd5da6c2427b4e9cdad20ecb36ba1a6c8bf195db359d4844

  • SHA512

    677d8f7f1ef49a7a6f127ce4044b50a381e9f0645c9e00a8e1929b258795e5433d5ede30e6a7b61bac913659ac9b1851cc2c01f1f8d8b2cf58e72b57d7d7723a

  • SSDEEP

    1536:HUwC+xhUa9urgOBPmNvM4jEwzGi1dDFDTgS:HUmUa9urgOkdGi1dZM

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000

    2.tcp.eu.ngrok.io:13957

  • Mutex

    02924b9d757b06fa7a3ec3652e5fdc4f

Attributes
  • reg_key

    02924b9d757b06fa7a3ec3652e5fdc4f

  • splitter

    |'|'|

Targets

    • Target

      0x000b00000001224f-8.dat

    Score
    8/10
    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2
