Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

16e030019f...70.exe

windows7-x64

8

16e030019f...70.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe

  • Size

    93KB

  • Sample

    240520-krvbwsch7t

  • MD5

    320f34b9a9f567e773d2a526daf749fa

  • SHA1

    6a56b12f075f8daaf354ca44810bec29e756c941

  • SHA256

    16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170

  • SHA512

    92c05e4d6c55b68810e55b918c5c017c5d772e9f85c65ec0f35b0b9b24345ba33e0e9d1fb0055df8cedb437ee55f6409e3ed16e6eca3a0a03be3831dc5531d50

  • SSDEEP

    768:KY3/KpD7O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3hsGi:ZKBOx6baIa9RPj00ljEwzGi1dDRDUgS

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

6.tcp.eu.ngrok.io:13006
Mutex

ef4ab10333351fde29c0e75b008795bc

Attributes
  • reg_key

    ef4ab10333351fde29c0e75b008795bc

  • splitter

    |'|'|

Targets

    • Target

      16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe

    • Size

      93KB

    • MD5

      320f34b9a9f567e773d2a526daf749fa

    • SHA1

      6a56b12f075f8daaf354ca44810bec29e756c941

    • SHA256

      16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170

    • SHA512

      92c05e4d6c55b68810e55b918c5c017c5d772e9f85c65ec0f35b0b9b24345ba33e0e9d1fb0055df8cedb437ee55f6409e3ed16e6eca3a0a03be3831dc5531d50

    • SSDEEP

      768:KY3/KpD7O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3hsGi:ZKBOx6baIa9RPj00ljEwzGi1dDRDUgS

    Score
    8/10
    evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks