General

  • Target

    4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871

  • Size

    148KB

  • Sample

    221106-d69lssddcq

  • MD5

    038f46069d0a4f29ab44b7c766a173f0

  • SHA1

    b066930a925f89d6a5da9b1cee4c806ff3c3119c

  • SHA256

    4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871

  • SHA512

    78cb743db6f324485234b0a82fb00ae2fbd5aa7375d9777b9897e57a0df82b0be14bc5b4d1e8a9ab265249c6dde9dec247a4b5f1fc71e6010f6881eaa25e5ca5

  • SSDEEP

    3072:iUu32GhNvBO9qCDtLoosE/WIgU1/B65wYEPv6ANSzlWA9hFDZqz:iU82GhNpC2J47Z1/UeNNSzz5q

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

f974a60849f958b913754e5bb1f5dfce

Attributes
  • reg_key

    f974a60849f958b913754e5bb1f5dfce

  • splitter

    |'|'|

Targets

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
