General

  • Target

    fd834aa1b60c3f0ad7969d9cc626b5afc5ab93f45b1bb197551beaf2b56a90b5

  • Size

    13KB

  • Sample

    221125-zsf8zshe5x

  • MD5

    5139964bad6734455085ab040eb9eeda

  • SHA1

    c8a4609f17815536e3d3e22647aa7930c63e5d9f

  • SHA256

    fd834aa1b60c3f0ad7969d9cc626b5afc5ab93f45b1bb197551beaf2b56a90b5

  • SHA512

    1b0ddf51a2d7173a20654a48689b3aaddc25219025d61a3902821bfee1fe4dbfc7fbc09ef8dd13631decb92fb023f0425f85865e6585b3a2f9e4e0180c4075c8

  • SSDEEP

    384:aMir3BPlJmE0nbC4/wIKzwlKRozN5wNaEV7:5IXJ/MeAwIcwuI5wQEZ

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    hacked

  • C2

    niras.no-ip.org:1177

  • Mutex

    5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      Server.txt

    • Size

      29KB

    • MD5

      f7d0b25c3115647720776246e58f066a

    • SHA1

      7126e6a1e589245a84733375c25c598ad79c6d17

    • SHA256

      9f45c1e83903345f6e2327b3efa04767549b5732a80d9a67374182c65f110660

    • SHA512

      10c5188f4e583cea6e3c098de19db1a3a2fe7b3be14e5fc61e1c5d447f1b16333c174862b47a6cca41a5e7c2cb7067cc172b9e56bf6954c100f721210dcb8654

    • SSDEEP

      768:aQv/27NYsDkfZPoIqlHepBKh0p29SgRru:Pm7N143wEKhG29jru

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
