General

  • Target

    e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc

  • Size

    23KB

  • Sample

    221003-at8l7aaedm

  • MD5

    45c2097b3e02593577bc6bd4705aa590

  • SHA1

    79cbaa62c0c129471435a8af5eefc7831c3a235b

  • SHA256

    e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc

  • SHA512

    a1cda5b41db6e8b7af7ec59942b25c00c42d57407ca35f83130f19ebea1b57e9ae8002966fdee171e37876cb1cd845c1f40268f7caddb0e430670efc09f44332

  • SSDEEP

    384:KMKyOkBkRbohza8yuTUtZu06cgV4a5pzomRvR6JZlbw8hqIusZzZkt:l/YI1TDRpcnuv

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    rbgrbg

  • C2

    rbg.no-ip.biz:4430

  • Mutex

    9ad8e131ea8eb55212ed9bdba208c728

  • Attributes

      • reg_key

        9ad8e131ea8eb55212ed9bdba208c728

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
