Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe
-
Size
93KB
-
Sample
240520-krvbwsch7t
-
MD5
320f34b9a9f567e773d2a526daf749fa
-
SHA1
6a56b12f075f8daaf354ca44810bec29e756c941
-
SHA256
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170
-
SHA512
92c05e4d6c55b68810e55b918c5c017c5d772e9f85c65ec0f35b0b9b24345ba33e0e9d1fb0055df8cedb437ee55f6409e3ed16e6eca3a0a03be3831dc5531d50
-
SSDEEP
768:KY3/KpD7O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3hsGi:ZKBOx6baIa9RPj00ljEwzGi1dDRDUgS
Behavioral task
behavioral1
Sample
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
6.tcp.eu.ngrok.io:13006
ef4ab10333351fde29c0e75b008795bc
-
reg_key
ef4ab10333351fde29c0e75b008795bc
-
splitter
|'|'|
Targets
-
-
Target
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170.exe
-
Size
93KB
-
MD5
320f34b9a9f567e773d2a526daf749fa
-
SHA1
6a56b12f075f8daaf354ca44810bec29e756c941
-
SHA256
16e030019f05b734a973a0fafc0fb678d0eb2736cfd5159a7ea82ebf3c198170
-
SHA512
92c05e4d6c55b68810e55b918c5c017c5d772e9f85c65ec0f35b0b9b24345ba33e0e9d1fb0055df8cedb437ee55f6409e3ed16e6eca3a0a03be3831dc5531d50
-
SSDEEP
768:KY3/KpD7O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3hsGi:ZKBOx6baIa9RPj00ljEwzGi1dDRDUgS
Score8/10-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-