Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6
-
Size
23KB
-
Sample
221126-29v5kscd34
-
MD5
9db5a2b9971fe8d959bd02fd6d22e522
-
SHA1
bbe109eae47f18f11dd6f338bfa745a009763b4e
-
SHA256
b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6
-
SHA512
d675831dcbd1578bd6a8286ed885ff844896cc0467aa07b226d265f85c9a15ba867969f0666d3c111c0b0e26f2b1485eb9570c41f2320aba37494aac5fbd4717
-
SSDEEP
384:JoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZ1j:e7O89p2rRpcnuG
Malware Config
Extracted
njrat
0.7d
new
174.127.99.136:200
23dbefa9b4e28174ecb7bdfd4a7be0f4
-
reg_key
23dbefa9b4e28174ecb7bdfd4a7be0f4
-
splitter
|'|'|
Targets
-
-
Target
b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6
-
Size
23KB
-
MD5
9db5a2b9971fe8d959bd02fd6d22e522
-
SHA1
bbe109eae47f18f11dd6f338bfa745a009763b4e
-
SHA256
b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6
-
SHA512
d675831dcbd1578bd6a8286ed885ff844896cc0467aa07b226d265f85c9a15ba867969f0666d3c111c0b0e26f2b1485eb9570c41f2320aba37494aac5fbd4717
-
SSDEEP
384:JoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZ1j:e7O89p2rRpcnuG
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-