General

  • Target

    2f79aaf512689c9403db74af2edb79ac.exe

  • Size

    484KB

  • Sample

    221123-1ml3qaff65

  • MD5

    2f79aaf512689c9403db74af2edb79ac

  • SHA1

    63f197e4139dafa86daa135e910cebb5c515d196

  • SHA256

    4099691b6923caf26f04c475c83d2eabbee3167061cb9d683c67cf36e63b31a9

  • SHA512

    dbcf00436f34a71da3b44ecf16647ffbfb99d307bf7975abacc8c640f78e5a4ec55c014380d626529ef94ae557e01a9f685e3aba9c660e4d02faf38e21a71850

  • SSDEEP

    6144:x/iQb+ckQsH8TDRGKJkSvGUlYG2VT+tr08yZPzkLQsJVQc1VTNN2HMDgtHxyPw5:oQnk3GDYKGcblMT+tr08yZwL1p8Hx+w5

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.ngrok.io:15907

Mutex

55beb0adf3929af15490d2dcbd04f397

Attributes
  • reg_key

    55beb0adf3929af15490d2dcbd04f397

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
