General

  • Target

    2f79aaf512689c9403db74af2edb79ac.exe

  • Size

    484KB

  • Sample

    221123-1ml3qaff65

  • MD5

    2f79aaf512689c9403db74af2edb79ac

  • SHA1

    63f197e4139dafa86daa135e910cebb5c515d196

  • SHA256

    4099691b6923caf26f04c475c83d2eabbee3167061cb9d683c67cf36e63b31a9

  • SHA512

    dbcf00436f34a71da3b44ecf16647ffbfb99d307bf7975abacc8c640f78e5a4ec55c014380d626529ef94ae557e01a9f685e3aba9c660e4d02faf38e21a71850

  • SSDEEP

    6144:x/iQb+ckQsH8TDRGKJkSvGUlYG2VT+tr08yZPzkLQsJVQc1VTNN2HMDgtHxyPw5:oQnk3GDYKGcblMT+tr08yZwL1p8Hx+w5

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.ngrok.io:15907

Mutex

55beb0adf3929af15490d2dcbd04f397

Attributes
  • reg_key

    55beb0adf3929af15490d2dcbd04f397

  • splitter

    |'|'|

Targets

    • Target

      2f79aaf512689c9403db74af2edb79ac.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
