General
Target: JaffaCakes118_6531706b8e4f38ca29526f2181daa0e0
Size: 10KB
Sample: 250102-pzh12svpdl
MD5: 6531706b8e4f38ca29526f2181daa0e0
SHA1: a7f7304673ad7a3504e760289e613f542587836c
SHA256: 1ce4ea54eafcf811b5a514d025ae16e48ec373ce3075c4209ee2ed8cc1992697
SHA512: 6fb0f3d743541ebd7fc6022dfa6102721973082203b8dd1c70306b34ed3440b55f9d66e1237dd91447600eb2985e3ceda22094b64d3034d90e6d882d6edf3daa
SSDEEP: 192:TPX4HUGQGpJqvlONl7LHnvIi5T3IRhf20LhKB5CojE2cQUJeN:TPXcUGIvlwpDDc7+as5S2RUJM
Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: sample.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:2
bffc5943312236f25f226a963615a8d2
reg_key: bffc5943312236f25f226a963615a8d2
splitter: |'|'|
Targets
Target: sample
Size: 22KB
MD5: 088923c76ec46ee811eba5bb390fd5e9
SHA1: 8ddbd16409e30e605180290fd83082e2c4763d5d
SHA256: fef4346086269ea024a31a1389af9553ed4a8a70185472c39c4fc5ae48e4d1ac
SHA512: 61248bd42970a43f00c0df351379a59bdd4b5d058221db3f46acaeb3547a19cde5081faed2456cd77e2868ec3c8226423058cd56860bbdda4cd0346ec317aed9
SSDEEP: 384:1YmCsg/yJrQ7hucGSl7UJx4g6JgfCcosjddmRvR6JZlbw8hqIusZzZz4:qrG0Btl7rRpcnuv
Njrat family
Modifies Windows Firewall
Checks computer location settings. Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)
Defense Evasion
Impair Defenses (1)
  Disable or Modify System Firewall (1)
Modify Registry (1)