Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6f7e51b74ffee64a15bfc6adbb2df5198b98941199f22795992e3727c2e1beef
-
Size
264KB
-
Sample
221124-fng5yaag56
-
MD5
19403c2cd224dc7a4a97dfd7178a2956
-
SHA1
b764f2d45a2232c9fea85cd897eac7bc1893862a
-
SHA256
6f7e51b74ffee64a15bfc6adbb2df5198b98941199f22795992e3727c2e1beef
-
SHA512
16cea4e4111c3750d1572899d1993321de9608662c0e3092bfe4344339e78fc2a7d602d934cc32a30aac395ace982564afc08adf466ec9bf848d6fd762423eba
-
SSDEEP
6144:39547uj9LbZR2lGM9jyPgkGOmKSU9Oo2EL:34y9xTohTLE
Malware Config
Extracted
njrat
0.6.4
HacKed
naceurhackerz.no-ip.biz:5552
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
6f7e51b74ffee64a15bfc6adbb2df5198b98941199f22795992e3727c2e1beef
-
Size
264KB
-
MD5
19403c2cd224dc7a4a97dfd7178a2956
-
SHA1
b764f2d45a2232c9fea85cd897eac7bc1893862a
-
SHA256
6f7e51b74ffee64a15bfc6adbb2df5198b98941199f22795992e3727c2e1beef
-
SHA512
16cea4e4111c3750d1572899d1993321de9608662c0e3092bfe4344339e78fc2a7d602d934cc32a30aac395ace982564afc08adf466ec9bf848d6fd762423eba
-
SSDEEP
6144:39547uj9LbZR2lGM9jyPgkGOmKSU9Oo2EL:34y9xTohTLE
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-