General
- Target: 6f8798f01a7ec11429f624dbc59b4a32
- Size: 3.1MB
- Sample: 240122-nch7vsehfm
- MD5: 6f8798f01a7ec11429f624dbc59b4a32
- SHA1: 31bf80da7df42fa40a5296328af295fd7fcb9c31
- SHA256: 580e02ff0dba47c835a4abff35ca5ecfe8e04e08206739936556b696141ed844
- SHA512: 6051b115e18a1407f488cbe7a3f419f3a44ef80c38420a124d1886f7d6479fda5b437eda0649221fdc5b29a01587aa92323500e7cf8837f0de15d8323162fa6a
- SSDEEP: 98304:YWv9/FJdgaCB2r/cpy5UGAUnva4vHchPLfjLB:JJmR2brAivzvHUPLfjF
Static task: static1
Behavioral task: behavioral1
- Sample: 6f8798f01a7ec11429f624dbc59b4a32.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: HacKed
- C2: bishkek931.ddns.net:4872
- Mutex: 9aae056fac505440e6c8356ee4efc63f
- reg_key: 9aae056fac505440e6c8356ee4efc63f
- splitter: |'|'|
Targets
- XMRig Miner payload
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)