Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb.exe
Resource
win10v2004-20241007-en
General
-
Target
c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb.exe
-
Size
93KB
-
MD5
d61b6c8d2031c9c14fd2ca8cac4abbd0
-
SHA1
232a655eb7c720a90d30f4f51a3aa4fde319be2b
-
SHA256
c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb
-
SHA512
4649981329ec72d555af8888b3bc2b6e93d3569c232247f430147aa32b8f907dc7f1e188f3ec32c5a33fa95cf06f8c3719da033959cb1af709ab4e133a2b3e3a
-
SSDEEP
1536:1emC+xhUa9urgOB9RNvM4jEwzGi1dDlDRgS:1egUa9urgONdGi1dRO
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:17881
a5ecb8dd72f32c83945d9630db93a6c0
-
reg_key
a5ecb8dd72f32c83945d9630db93a6c0
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb.exe
Files
-
c50c74721a340dfa457152405bb9fcf9bdd725b321510f8eaf2b23c4a68a6abb.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ