General

  • Target

    b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6

  • Size

    23KB

  • Sample

    221126-29v5kscd34

  • MD5

    9db5a2b9971fe8d959bd02fd6d22e522

  • SHA1

    bbe109eae47f18f11dd6f338bfa745a009763b4e

  • SHA256

    b15046e6f034f055047ad07a4ebde3a83364e5cc936f6823fb4b1b076deb1ae6

  • SHA512

    d675831dcbd1578bd6a8286ed885ff844896cc0467aa07b226d265f85c9a15ba867969f0666d3c111c0b0e26f2b1485eb9570c41f2320aba37494aac5fbd4717

  • SSDEEP

    384:JoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZ1j:e7O89p2rRpcnuG

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    new

  • C2

    174.127.99.136:200

  • Mutex

    23dbefa9b4e28174ecb7bdfd4a7be0f4

  • Attributes

      • reg_key

        23dbefa9b4e28174ecb7bdfd4a7be0f4

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
