Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9569f6467080ea29fcbdaaceda1868bed74e40fba3aad3f239452260820a0ca9
-
Size
29KB
-
Sample
221125-zsr1gshe7v
-
MD5
49e96748d08879f1e243f0b95dcfa515
-
SHA1
89e6f2afee9b281767e5f03a73abe9a5153f05e0
-
SHA256
9569f6467080ea29fcbdaaceda1868bed74e40fba3aad3f239452260820a0ca9
-
SHA512
5e6ccae9af6f34a09995d63e5de5db8b21f0c1400b7c30c88370c278d6a84ac7f1f8420e453e6956535f4434af863a2be8229101c4961d9b7f4b9d8c4e01bf1d
-
SSDEEP
768:ii71MHaSf07hrsq0QueaBKh0p29SgRyR:t71moQ9QMKhG29jyR
Malware Config
Extracted
njrat
0.6.4
هــكــرآوي
bluetooth.sytes.net:1177
ba4c12bee3027d94da5c81db2d196bfd
-
reg_key
ba4c12bee3027d94da5c81db2d196bfd
-
splitter
|'|'|
Targets
-
-
Target
9569f6467080ea29fcbdaaceda1868bed74e40fba3aad3f239452260820a0ca9
-
Size
29KB
-
MD5
49e96748d08879f1e243f0b95dcfa515
-
SHA1
89e6f2afee9b281767e5f03a73abe9a5153f05e0
-
SHA256
9569f6467080ea29fcbdaaceda1868bed74e40fba3aad3f239452260820a0ca9
-
SHA512
5e6ccae9af6f34a09995d63e5de5db8b21f0c1400b7c30c88370c278d6a84ac7f1f8420e453e6956535f4434af863a2be8229101c4961d9b7f4b9d8c4e01bf1d
-
SSDEEP
768:ii71MHaSf07hrsq0QueaBKh0p29SgRyR:t71moQ9QMKhG29jyR
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-