Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a09a3b6b6bea6ef91aef5d0dd4581b88.bin
-
Size
18KB
-
Sample
240122-c569lsfbe7
-
MD5
f16a34d67a40b66f2595de4b485b3ef8
-
SHA1
0af910b1733db7dbbdc2aaf0ab9442203debdc89
-
SHA256
2016387ced33889b3ee002b9ff9f7dfcd91ae2b1358f96279488265e44bc0770
-
SHA512
4f329333c4eaac8429f6732436b4a7d48c3b8a1fa370bfa49e90c91588ba84c4034721bc5858f135828169a84a4a1f658c90db2cef2b1d0274a6be5156713fb3
-
SSDEEP
384:EitLEhMqRI6pohxvP7o0twLy3Z6oaCAhRjoke1YD0Ev5NEFOmxcnc:FLE6YIeonP70GZ6vb8ke1YAI5iQmxcc
Behavioral task
behavioral1
Sample
6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:10929
39b05030c645f6e80bce801caf1f7d61
-
reg_key
39b05030c645f6e80bce801caf1f7d61
-
splitter
|'|'|
Targets
-
-
Target
6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25.exe
-
Size
103KB
-
MD5
a09a3b6b6bea6ef91aef5d0dd4581b88
-
SHA1
098ed5d82ade538154634a9f44d8f91607c23392
-
SHA256
6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25
-
SHA512
42c383b30292cb2521f70e3dcc30b96553e50866ab965f9304bf2808d90ea4be01efa12d380f6d9b76ffe57f09974d5563e5a6018a2009328ce18a25b4b3d1f8
-
SSDEEP
384:y4n/7AKiwBiaJzN5BLiFI4yUvcP3vr042r49ZrAF+rMRTyN/0L+EcoinblneHQMs://hXP5TUvcPgl4HrM+rMRa8Nup0t
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1