Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692
-
Size
23KB
-
Sample
221127-mr2gbaba29
-
MD5
0d4530f3d79ac68215858c445326f2e5
-
SHA1
39a65a53d21b8b9d5df30888900c8a8484acac5a
-
SHA256
716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692
-
SHA512
60c90d547fae29556badbddef8ffeb6c68e2fcc841be9c406bbe6bcb25452183f3dcee176a42591494b06539129590708a6582243951523ac43dec55ad9bf4bc
-
SSDEEP
384:tcqbCK0l4h7o9SVyDGvENxh461gJkOmMSW38mRvR6JZlbw8hqIusZzZNv:+30py6vYxaRpcnu6
Malware Config
Extracted
njrat
0.7d
SAM
samhkr13.ddns.net:5552
b5b7c5b511866ccc1b4ee34756a8ec79
-
reg_key
b5b7c5b511866ccc1b4ee34756a8ec79
-
splitter
|'|'|
Targets
-
-
Target
716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692
-
Size
23KB
-
MD5
0d4530f3d79ac68215858c445326f2e5
-
SHA1
39a65a53d21b8b9d5df30888900c8a8484acac5a
-
SHA256
716ccff99841ebfadb22084138249b9a99f368d0ca123ab413cab5108468e692
-
SHA512
60c90d547fae29556badbddef8ffeb6c68e2fcc841be9c406bbe6bcb25452183f3dcee176a42591494b06539129590708a6582243951523ac43dec55ad9bf4bc
-
SSDEEP
384:tcqbCK0l4h7o9SVyDGvENxh461gJkOmMSW38mRvR6JZlbw8hqIusZzZNv:+30py6vYxaRpcnu6
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-