Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9
-
Size
195KB
-
Sample
240121-zan6wahfdn
-
MD5
76e57bb03c3ed6f74431d2a0d3a9af30
-
SHA1
680b6f4f9026c56048794e39d1f2396d5389305a
-
SHA256
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9
-
SHA512
35ce1722751d2a4b19ad51adc489651ca5cdecde7a42962311234373b39c8b258814aeab4975e68a259298340640ce10a0b357653292556bd6425a263c05e7d8
-
SSDEEP
3072:8xT6Jh+yJFg1Mr8b4bSPGEYmf34Rs7+S:8T6qT6S4nVmwRo
Behavioral task
behavioral1
Sample
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:16603
fef28429a4f072630b0637e4c19aa107
-
reg_key
fef28429a4f072630b0637e4c19aa107
-
splitter
|'|'|
Targets
-
-
Target
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9
-
Size
195KB
-
MD5
76e57bb03c3ed6f74431d2a0d3a9af30
-
SHA1
680b6f4f9026c56048794e39d1f2396d5389305a
-
SHA256
ea8eebeb8b6b807f3bc924391e7fbceb046eec38ded21006ee921bd52f2347d9
-
SHA512
35ce1722751d2a4b19ad51adc489651ca5cdecde7a42962311234373b39c8b258814aeab4975e68a259298340640ce10a0b357653292556bd6425a263c05e7d8
-
SSDEEP
3072:8xT6Jh+yJFg1Mr8b4bSPGEYmf34Rs7+S:8T6qT6S4nVmwRo
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1