Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d

  • Size

    23KB

  • Sample

    221121-29wq4see91

  • MD5

    f04fc64cbea25002a9bd5ddcd260d06f

  • SHA1

    8af7051594408b726616015bfac42f35017ad227

  • SHA256

    9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d

  • SHA512

    28f28a55307fe71ccd5a131e1fa92fbf0b6b8757bab7442245e93fbf7153c1e83b33ea3bdcd47b1d55da142f713f707d0fd95fa607ab2ed19ab8e2edc7a5ff16

  • SSDEEP

    384:rYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZGJU:UwWkti/aeRpcnuG

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Vectim's ahmed

C2

jihed2013.zapto.org:1177

Mutex

e10d37000e740cdb48fa883045c507b4

Attributes
  • reg_key

    e10d37000e740cdb48fa883045c507b4

  • splitter

    |'|'|

Targets

    • Target

      9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d

    • Size

      23KB

    • MD5

      f04fc64cbea25002a9bd5ddcd260d06f

    • SHA1

      8af7051594408b726616015bfac42f35017ad227

    • SHA256

      9371308f3514923f9a105edcfe1bce89a1ea3caf4e045ce18f6884cd9820c89d

    • SHA512

      28f28a55307fe71ccd5a131e1fa92fbf0b6b8757bab7442245e93fbf7153c1e83b33ea3bdcd47b1d55da142f713f707d0fd95fa607ab2ed19ab8e2edc7a5ff16

    • SSDEEP

      384:rYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZGJU:UwWkti/aeRpcnuG

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks