General

  • Target

    Spoofer by kero.exe

  • Size

    93KB

  • Sample

    240121-yds4kaghhq

  • MD5

    6243f6fec4c00144fe8bc0a5eb9207f8

  • SHA1

    d40354cae8a5220f54d2c65d1216b82d3d164f28

  • SHA256

    18dcdea8ad6ed1da48c7fd85a62e2fe4b5bdf4e447bb28cfe17ea705396d0878

  • SHA512

    91572d051380bcc715b34a67f4b39e7fb77098d0a2f41f417271b501d67db2dd250e9da0f1ac483604de33028220152f172a00488007dbc2cef2cf14e5099b34

  • SSDEEP

    768:bY33UnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3isGG:6UxOx6baIa9RZj00ljEwzGi1dD+DYgS

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

4.tcp.eu.ngrok.io:17216

Mutex

56d25428d689c9955d5640bc4b690890

Attributes
  • reg_key

    56d25428d689c9955d5640bc4b690890

  • splitter

    |'|'|

Targets

    • Target

      Spoofer by kero.exe

    Score
    8/10
    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2
