General

  • Target

    4f11fe373c27b39ff2eba9f951eec263f10a6d16fce7eefa5d979180859d0c3a

  • Size

    23KB

  • Sample

    221123-yf1anach9z

  • MD5

    bc3b47fecbf0e80808958e62fbc59a13

  • SHA1

    9b23b03fc5190fd5b1af5b8f9d5d55f4450f7b13

  • SHA256

    4f11fe373c27b39ff2eba9f951eec263f10a6d16fce7eefa5d979180859d0c3a

  • SHA512

    d046409001437f142f592634078ee7dc7414eef3dba539d11434fea0be3c50881809244426ac6f965d88f2f850f257dfb109e42ec0095947eb6559bc79c1e60c

  • SSDEEP

    384:7QeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZhV:85yBVd7Rpcnus

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    xtracker81.no-ip.org:1990

  • Mutex

    8b74ececc3fc6b7e3b7d1ea01fe47d6c

Attributes
  • reg_key

    8b74ececc3fc6b7e3b7d1ea01fe47d6c

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
