General

  • Target

    961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765

  • Size

    72KB

  • Sample

    221011-hz6zjsbgdp

  • MD5

    67d9264622cde2684cd76d491685e0c0

  • SHA1

    c6929603317c313d78e08b4a900361cf4ba952c6

  • SHA256

    961502d09356b28f00b47725a47ce50f3902cda24aafd1a5e5ae46e9b36ea765

  • SHA512

    72daedee180d9a6fc0c12293650ab1b709960c8d0643f497adce776bd6e61f552cd3fa8325a2da27c9537daaf0bc5f6e491eb5ed2de6e610780771b09493241f

  • SSDEEP

    1536:IPV3C2bm1JbKCMUmbScj1zDZhAjBZMvcE3v78:mVX+6UkScZ3+BZMvtv78

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    HacKed

  • C2

    wildsafari.no-ip.info:1177

  • Mutex

    5cd8f17f4086744065eb0992a09e05a2

  • Attributes

      • reg_key

        5cd8f17f4086744065eb0992a09e05a2

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
