Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692

  • Size

    23KB

  • Sample

    221127-mr2gbaba29

  • MD5

    0d4530f3d79ac68215858c445326f2e5

  • SHA1

    39a65a53d21b8b9d5df30888900c8a8484acac5a

  • SHA256

    716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692

  • SHA512

    60c90d547fae29556badbddef8ffeb6c68e2fcc841be9c406bbe6bcb25452183f3dcee176a42591494b06539129590708a6582243951523ac43dec55ad9bf4bc

  • SSDEEP

    384:tcqbCK0l4h7o9SVyDGvENxh461gJkOmMSW38mRvR6JZlbw8hqIusZzZNv:+30py6vYxaRpcnu6

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

SAM

C2

samhkr13.ddns.net:5552

Mutex

b5b7c5b511866ccc1b4ee34756a8ec79

Attributes
  • reg_key

    b5b7c5b511866ccc1b4ee34756a8ec79

  • splitter

    |'|'|

Targets

    • Target

      716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692

    • Size

      23KB

    • MD5

      0d4530f3d79ac68215858c445326f2e5

    • SHA1

      39a65a53d21b8b9d5df30888900c8a8484acac5a

    • SHA256

      716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692

    • SHA512

      60c90d547fae29556badbddef8ffeb6c68e2fcc841be9c406bbe6bcb25452183f3dcee176a42591494b06539129590708a6582243951523ac43dec55ad9bf4bc

    • SSDEEP

      384:tcqbCK0l4h7o9SVyDGvENxh461gJkOmMSW38mRvR6JZlbw8hqIusZzZNv:+30py6vYxaRpcnu6

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks