Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
rrrServer.exe
-
Size
93KB
-
Sample
240721-xrl2qszgrg
-
MD5
ce2af732afc7f49ed2a33fe9ca4973c0
-
SHA1
3a595322305cd5728dee1f8e0edfcb2baca5e20d
-
SHA256
1c8ad2d3edf85ee66ce0735cd809063d6ffa7b07ad261106621174bd25d2bcc0
-
SHA512
edd06d5c2d79bfe53d911de64e12e4aa52669afd8e5f0f91642fd7fb3713c0d9c8c6effe93c12d22e21845b4d67954654079f9c35e0a1e1c5a0c252389c21434
-
SSDEEP
768:2Y30YMUiu5LVMZASgeArRKm6t0XJmmm6gaeG+KXxrjEtCdnl2pi1Rz4Rk3tsGdpH:mYMputRe2Rx6koab9jEwzGi1dD9D3gS
Behavioral task
behavioral1
Sample
rrrServer.exe
Resource
win10-20240404-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
147.185.221.18:37615
4ca7ea912d08da37869d1251c09733c8
-
reg_key
4ca7ea912d08da37869d1251c09733c8
-
splitter
|'|'|
Targets
-
-
Target
rrrServer.exe
-
Size
93KB
-
MD5
ce2af732afc7f49ed2a33fe9ca4973c0
-
SHA1
3a595322305cd5728dee1f8e0edfcb2baca5e20d
-
SHA256
1c8ad2d3edf85ee66ce0735cd809063d6ffa7b07ad261106621174bd25d2bcc0
-
SHA512
edd06d5c2d79bfe53d911de64e12e4aa52669afd8e5f0f91642fd7fb3713c0d9c8c6effe93c12d22e21845b4d67954654079f9c35e0a1e1c5a0c252389c21434
-
SSDEEP
768:2Y30YMUiu5LVMZASgeArRKm6t0XJmmm6gaeG+KXxrjEtCdnl2pi1Rz4Rk3tsGdpH:mYMputRe2Rx6koab9jEwzGi1dD9D3gS
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1