General
-
Target
ef88013105357db2be870d0557f41e7c_JaffaCakes118
-
Size
14KB
-
Sample
240921-lsmh4swckf
-
MD5
ef88013105357db2be870d0557f41e7c
-
SHA1
906864394a1715f283ba1a724b521b6e36827195
-
SHA256
180c1593184328ae276173554183e068d0f8379f1aaec63c7ad705042fbc7d73
-
SHA512
adfa4b061310545573b4da835b0c52f39b6986daf6e775cb1c0d263a21e99e04a7653f7ad2a17f0341c184e7e6df48d17d74d0aa2bda3b3b54612ec0a63b3856
-
SSDEEP
384:QfQQHn64PSWRgaJ3qeG3Rxos7d3o+4SGazpDJPX+cAS3:2QQa4qW643qRos72VSGop1WK
Behavioral task
behavioral1
Sample
L1xware.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
L1xware.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
Hacked By HiDDen PerSOn
l1x.ddns.net:5552
452d007e0e891c3400f56e8d13041c1e
-
reg_key
452d007e0e891c3400f56e8d13041c1e
-
splitter
|'|'|
Targets
-
-
Target
L1xware.exe
-
Size
32KB
-
MD5
b369b171954015e188eb2646dbd4c817
-
SHA1
41b79bd407b8c6a6edc87c66e6692bf203ce749b
-
SHA256
6aeada94389e3c6c001857ce2e22139e63a4ece256faf3dcde568adadfdc1bf5
-
SHA512
0acc701ff7a30dbc665847fd06094737ae863b228459661dfbb0e42fcfc92585c09e391876787ca6fd99002e3c997390f40bcf07d2a87ff7d6bc69416ee03efc
-
SSDEEP
384:WF5kg0KQUvUpsi+daDpyFva9dFPIQL1fJfiTK2glD4odg9TduS/EIGsJjwE7UMcY:Oo0Ldae8/FmouDuCEIGfRt+f
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
  Create or Modify System Process: Windows Service
  Event Triggered Execution: Netsh Helper DLL
Privilege Escalation
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
  Create or Modify System Process: Windows Service
  Event Triggered Execution: Netsh Helper DLL
Defense Evasion
  Impair Defenses: Disable or Modify System Firewall
  Modify Registry