General
Target: 809b746c32451069d87c1d859ea60144708a96674fc69b471ea132b16172e0c5
Size: 3.2MB
Sample: 221125-lp951agf52
MD5: eb7519e15e13afb38b3fea8c2478b9d7
SHA1: df585b37ef1a93770ef2c3a28cbd00f759053497
SHA256: 809b746c32451069d87c1d859ea60144708a96674fc69b471ea132b16172e0c5
SHA512: 386da681b7405e782f94da1206c3870d82e27a8a2d63e0ee5aef8140fb1110e6d7a811a68695f97bc53411c563e7c3ae9731b84450c6a5a30e8305c5ed0f377a
SSDEEP: 98304:Kq1wzyH5CJmGoukfSdjGVK0EaKftVjpX/Fa:KqH07quGVGaKfRI
Static task: static1
Behavioral task: behavioral1
  Sample: 809b746c32451069d87c1d859ea60144708a96674fc69b471ea132b16172e0c5.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 809b746c32451069d87c1d859ea60144708a96674fc69b471ea132b16172e0c5.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
HacKed
10.0.2.15:7777
66a423b5aff803461ae114b10bbacca0
reg_key: 66a423b5aff803461ae114b10bbacca0
splitter: |'|'|
Targets
Target: 809b746c32451069d87c1d859ea60144708a96674fc69b471ea132b16172e0c5
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.