General

  • Target

    Ratka.exe

  • Size

    37KB

  • Sample

    240612-gwf4aasfkh

  • MD5

    f82ab1b6c91dbfc8a1fc643f3c10922b

  • SHA1

    5088dc1515bf6cedfbea693bdf0d897e25345775

  • SHA256

    3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285

  • SHA512

    def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e

  • SSDEEP

    384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11331

Mutex

166eee41ae0e0f4544d895f9671505cf

Attributes
  • reg_key

    166eee41ae0e0f4544d895f9671505cf

  • splitter

    |'|'|

Targets

    • Target

      Ratka.exe

    Score
    8/10
    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2
