
General

  • Target

    4f3b59864c18a8d1a8add12e29dfd6293d67c07ecbd0bf9b4ae9e34294bc2668

  • Size

    1.9MB

  • MD5

    e4c2350adc7cb595f67e309d52b2778e

  • SHA1

    08a0784691beeb777d864279612a7237075f94ee

  • SHA256

    4f3b59864c18a8d1a8add12e29dfd6293d67c07ecbd0bf9b4ae9e34294bc2668

  • SHA512

    8b39225020671ce408deba0b8d0e91dfba51e64552b8b18d9f241f2250ef72769fd55cf2c97047dc3921613d0762a86a93be92f64766b829090c93da795ca8ad

  • SSDEEP

    49152:hd6e6x01stTTAkJ/4p3ZpoWJX+vS6ljM3XyF2:hg1xThKJZpoWJO6UjaCA

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    amr555s.no-ip.org:5554

  • Mutex

    f87a088fbd7c06eef1f5a49864be5208

Attributes
  • reg_key

    f87a088fbd7c06eef1f5a49864be5208

  • splitter

    |'|'|

Signatures

  • Njrat family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 4f3b59864c18a8d1a8add12e29dfd6293d67c07ecbd0bf9b4ae9e34294bc2668
    .exe windows:4 windows x86 arch:x86

    Password: infected

    29b61e5a552b3a9bc00953de1c93be41



  • Smart Binder v2.0 By Th3 Exploiter.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744



  • SpyNet.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected



  • out.upx
    .exe windows:4 windows x86 arch:x86

