General

  • Target

    eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96

  • Size

    246KB

  • Sample

    221001-3c8vvabfg2

  • MD5

    66a37d7b13902048a7b947785c990910

  • SHA1

    c845c1c9ba6e5d07404600e2e2f1b674f5e9e485

  • SHA256

    eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96

  • SHA512

    759b9a3ca40fd89140285dbc32b25b56d9ffa1c64adbf240e5b175dc0e9b0c26ff4ff6bffe397c31e8cefa38c0cc93b2c818ee2a23898dad5a8dba52baeaab30

  • SSDEEP

    6144:jfMrmQ0hVh5kIr06t5J2wiAksaDlRCDeu3OmDv5r9S4vPMHie3Fg1SAuK1:gqr0IJJzdahRCau3lvd3MzWG

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    ابو فرنقع

  • C2

    xk03.no-ip.biz:5552

  • Mutex

    c294eacc4eeb89346402ee701c9e81b9

Attributes
  • reg_key

    c294eacc4eeb89346402ee701c9e81b9

  • splitter

    |'|'|

Targets

    • Target

      eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
