Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
teamviwer9988.exe
-
Size
259KB
-
Sample
230423-wcvjwsge6w
-
MD5
46f5111c7c871155091f0a7810b02235
-
SHA1
1a6e436333ba021e6971afd72c1ab880e3732308
-
SHA256
c0ee79dfade9330fa524500595c9a3489be87d8017e18a1a3997991de761603a
-
SHA512
538523ca4a06f824d3b8168107516e9bafefd54c21ec328c538be9323e1da2accb01f6fb8b6dfae5013e9f382f0159ed8c41ee491514adf5702aecf2ece5d870
-
SSDEEP
6144:RdAECP0FqT2A+3vLlpQkIxZ9o6SCiYYYYYYYYYYYRYYYYYYYYYYiPhDc:R3CPsmNGvLov/66AYYYYYYYYYYYRYYYU
Malware Config
Extracted
njrat
0.7d
HacKed
amazon.thedreamsop.com:2211
Microsoft® Windows® Operating System
-
reg_key
Microsoft® Windows® Operating System
-
splitter
|'|'|
Targets
-
-
Target
teamviwer9988.exe
-
Size
259KB
-
MD5
46f5111c7c871155091f0a7810b02235
-
SHA1
1a6e436333ba021e6971afd72c1ab880e3732308
-
SHA256
c0ee79dfade9330fa524500595c9a3489be87d8017e18a1a3997991de761603a
-
SHA512
538523ca4a06f824d3b8168107516e9bafefd54c21ec328c538be9323e1da2accb01f6fb8b6dfae5013e9f382f0159ed8c41ee491514adf5702aecf2ece5d870
-
SSDEEP
6144:RdAECP0FqT2A+3vLlpQkIxZ9o6SCiYYYYYYYYYYYRYYYYYYYYYYiPhDc:R3CPsmNGvLov/66AYYYYYYYYYYYRYYYU
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-