Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

EncryptedLol.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EncryptedLol.exe

  • Size

    93KB

  • Sample

    240824-p5w5vssgjl

  • MD5

    f5c51640867e02739b95b34eb8bd4a25

  • SHA1

    2f8e5bcbe79a1a689b74dfdc9918dbd85d7bf487

  • SHA256

    4884c28b2097754640eea40a2f4f120aef22c5634510c3d2ef8870131df63c93

  • SHA512

    4eca205dc551ad0ee99cad60c5f84b25f5c1bb4300de6278e11bc5cb6272d7a6f86e7e6a0827fd60b2236dc1787187ee106a3d727ef85a790665dc480fece901

  • SSDEEP

    1536:o//r7EkrjaFIs7E5OxzJn8LjEwzGi1dDCD/gS:o/7jau5OVVni1d8Y

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

94.13.152.8:25565
Mutex

4ea035cf87e2b7f7f04873ba5d377a74

Attributes
  • reg_key

    4ea035cf87e2b7f7f04873ba5d377a74

  • splitter

    |'|'|

Targets

    • Target

      EncryptedLol.exe

    • Size

      93KB

    • MD5

      f5c51640867e02739b95b34eb8bd4a25

    • SHA1

      2f8e5bcbe79a1a689b74dfdc9918dbd85d7bf487

    • SHA256

      4884c28b2097754640eea40a2f4f120aef22c5634510c3d2ef8870131df63c93

    • SHA512

      4eca205dc551ad0ee99cad60c5f84b25f5c1bb4300de6278e11bc5cb6272d7a6f86e7e6a0827fd60b2236dc1787187ee106a3d727ef85a790665dc480fece901

    • SSDEEP

      1536:o//r7EkrjaFIs7E5OxzJn8LjEwzGi1dDCD/gS:o/7jau5OVVni1d8Y

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks