Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c13fa7162bf6014babbf714fb350200f5e9d0c68194e03aad1becf25e10111f1
-
Size
510KB
-
Sample
221126-241swafd4w
-
MD5
de5594d65b1c39567fcd695a9a22821d
-
SHA1
106fbb1e33137ccd8afd7b7fcb07c59680c33319
-
SHA256
c13fa7162bf6014babbf714fb350200f5e9d0c68194e03aad1becf25e10111f1
-
SHA512
1b19ea43c8b404e583c2936208b20d17a63100dd86e309750ec6adf8d913811c030f77ab692aefd56ddb8eeb97713b13515c64fb7904ce91eb10e1b89d2deac4
-
SSDEEP
3072:v6tmSB6CoVYJC0WrFqQe2rYsk/C57x2p2TLmt9U/E0yq2ZCIjotGkUKBbA:v7a41eHRK57Ue/EP/MpJ
Malware Config
Extracted
njrat
0.7d
Dr-Doser
first1one.ddns.net:1177
544fcef8aa17198ed1d025b4643ddcbe
-
reg_key
544fcef8aa17198ed1d025b4643ddcbe
-
splitter
|'|'|
Targets
-
-
Target
c13fa7162bf6014babbf714fb350200f5e9d0c68194e03aad1becf25e10111f1
-
Size
510KB
-
MD5
de5594d65b1c39567fcd695a9a22821d
-
SHA1
106fbb1e33137ccd8afd7b7fcb07c59680c33319
-
SHA256
c13fa7162bf6014babbf714fb350200f5e9d0c68194e03aad1becf25e10111f1
-
SHA512
1b19ea43c8b404e583c2936208b20d17a63100dd86e309750ec6adf8d913811c030f77ab692aefd56ddb8eeb97713b13515c64fb7904ce91eb10e1b89d2deac4
-
SSDEEP
3072:v6tmSB6CoVYJC0WrFqQe2rYsk/C57x2p2TLmt9U/E0yq2ZCIjotGkUKBbA:v7a41eHRK57Ue/EP/MpJ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-