Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc
-
Size
23KB
-
Sample
221003-at8l7aaedm
-
MD5
45c2097b3e02593577bc6bd4705aa590
-
SHA1
79cbaa62c0c129471435a8af5eefc7831c3a235b
-
SHA256
e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc
-
SHA512
a1cda5b41db6e8b7af7ec59942b25c00c42d57407ca35f83130f19ebea1b57e9ae8002966fdee171e37876cb1cd845c1f40268f7caddb0e430670efc09f44332
-
SSDEEP
384:KMKyOkBkRbohza8yuTUtZu06cgV4a5pzomRvR6JZlbw8hqIusZzZkt:l/YI1TDRpcnuv
Malware Config
Extracted
njrat
0.7d
rbgrbg
rbg.no-ip.biz:4430
9ad8e131ea8eb55212ed9bdba208c728
-
reg_key
9ad8e131ea8eb55212ed9bdba208c728
-
splitter
|'|'|
Targets
-
-
Target
e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc
-
Size
23KB
-
MD5
45c2097b3e02593577bc6bd4705aa590
-
SHA1
79cbaa62c0c129471435a8af5eefc7831c3a235b
-
SHA256
e8c5ae21497796bbb296b0e01ab743739f15153a0059bb4709cf7eba2a3a31bc
-
SHA512
a1cda5b41db6e8b7af7ec59942b25c00c42d57407ca35f83130f19ebea1b57e9ae8002966fdee171e37876cb1cd845c1f40268f7caddb0e430670efc09f44332
-
SSDEEP
384:KMKyOkBkRbohza8yuTUtZu06cgV4a5pzomRvR6JZlbw8hqIusZzZkt:l/YI1TDRpcnuv
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-