Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dfa041441341667ccad6f97423727d8f0d345e4af967ed8b389d472285d9151b
-
Size
23KB
-
Sample
221029-yjw3eaced9
-
MD5
8385e62092d6cc0e2c901a7b1f1b0770
-
SHA1
3dd182bdda0786a58053c1ede1113e9440fcad2c
-
SHA256
dfa041441341667ccad6f97423727d8f0d345e4af967ed8b389d472285d9151b
-
SHA512
3ed2da81dc9c8ea429da04e3b1c1499333dd6749d31026d6461dbe5332551a7f4d7c0f4ff751ee1696587e9e9e1f22610df4ceec1b3db095edfecfa01ec9e5ba
-
SSDEEP
384:DweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZB3:ULq411eRpcnuS
Malware Config
Extracted
njrat
0.7d
hack
fuck10.no-ip.biz:50000
219f889719b292a44f79b3e5d6ea87d4
-
reg_key
219f889719b292a44f79b3e5d6ea87d4
-
splitter
|'|'|
Targets
-
-
Target
dfa041441341667ccad6f97423727d8f0d345e4af967ed8b389d472285d9151b
-
Size
23KB
-
MD5
8385e62092d6cc0e2c901a7b1f1b0770
-
SHA1
3dd182bdda0786a58053c1ede1113e9440fcad2c
-
SHA256
dfa041441341667ccad6f97423727d8f0d345e4af967ed8b389d472285d9151b
-
SHA512
3ed2da81dc9c8ea429da04e3b1c1499333dd6749d31026d6461dbe5332551a7f4d7c0f4ff751ee1696587e9e9e1f22610df4ceec1b3db095edfecfa01ec9e5ba
-
SSDEEP
384:DweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZB3:ULq411eRpcnuS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-