Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Payload.exe

windows10-ltsc_2021-x64

8

Payload.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payload.exe

  • Size

    54KB

  • Sample

    250322-3ae5raszcw

  • MD5

    9b50d40dbf5594522b8c274f830c9a46

  • SHA1

    5292a799efdf0037896237aa81e0dfc080cebef1

  • SHA256

    72bedfaceebc5a42fd4ff690700fba1cba15a042c52769ba0ca303cbd545d49c

  • SHA512

    ef32a63ace3f3538680da1318b5c12d5e8e56e4304350e98c3ec27c8c107c50225a97295e9c377e4baf392ce96cbe5042d91d367150e75ed3944950eed857cc4

  • SSDEEP

    1536:cCEVGt9gmgpDGxJSMGKWQcGD8X3xIEpmlg:0VGtGmCGxJSMGKWQnD8X3xIEpm

Score
10/10
njratvictimdefense_evasiondiscoveryexecution

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

associates-studio.gl.at.ply.gg:55946

Mutex

63c41129dcdd177a39b9286624eb2f23

Attributes
  • reg_key

    63c41129dcdd177a39b9286624eb2f23

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      Payload.exe

    • Size

      54KB

    • MD5

      9b50d40dbf5594522b8c274f830c9a46

    • SHA1

      5292a799efdf0037896237aa81e0dfc080cebef1

    • SHA256

      72bedfaceebc5a42fd4ff690700fba1cba15a042c52769ba0ca303cbd545d49c

    • SHA512

      ef32a63ace3f3538680da1318b5c12d5e8e56e4304350e98c3ec27c8c107c50225a97295e9c377e4baf392ce96cbe5042d91d367150e75ed3944950eed857cc4

    • SSDEEP

      1536:cCEVGt9gmgpDGxJSMGKWQcGD8X3xIEpmlg:0VGtGmCGxJSMGKWQnD8X3xIEpm

    Score
    8/10
    defense_evasiondiscoveryexecution

    • Stops running service(s)

      defense_evasionexecution

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks