Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3e90f4aa1725740f32d8c6a7c7ed77db.exe
-
Size
37KB
-
Sample
221106-p6a9sacch2
-
MD5
3e90f4aa1725740f32d8c6a7c7ed77db
-
SHA1
a42f5985580e647dbd491d2b7e1f54bdd967883f
-
SHA256
1ade6c3079bf4457f862540f2f378e1758111482c207da32d3fecae5f1f9e275
-
SHA512
64b1f0322bb07e854ff5d50527462519bc2bde05b582b62e809c5e0d80f3e3a1dba9808902ca4abaf7299614de5fd06028026594dc20e0d28d554f26b6d715ec
-
SSDEEP
384:WcmBkiy1nDNGRn5IyUv8IR/hh0/aKVEcrAF+rMRTyN/0L+EcoinblneHQM3epzXi:Jd5M5jUvxRoCKWcrM+rMRa8Nuzd+t
Malware Config
Extracted
njrat
im523
HacKed
37.144.68.25:8080
1bca132747fbbbf8717bb4a20e6daa6d
-
reg_key
1bca132747fbbbf8717bb4a20e6daa6d
-
splitter
|'|'|
Targets
-
-
Target
3e90f4aa1725740f32d8c6a7c7ed77db.exe
-
Size
37KB
-
MD5
3e90f4aa1725740f32d8c6a7c7ed77db
-
SHA1
a42f5985580e647dbd491d2b7e1f54bdd967883f
-
SHA256
1ade6c3079bf4457f862540f2f378e1758111482c207da32d3fecae5f1f9e275
-
SHA512
64b1f0322bb07e854ff5d50527462519bc2bde05b582b62e809c5e0d80f3e3a1dba9808902ca4abaf7299614de5fd06028026594dc20e0d28d554f26b6d715ec
-
SSDEEP
384:WcmBkiy1nDNGRn5IyUv8IR/hh0/aKVEcrAF+rMRTyN/0L+EcoinblneHQM3epzXi:Jd5M5jUvxRoCKWcrM+rMRa8Nuzd+t
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-