General

  • Target

    c4cfbb0106571122d1cc4364513e7803.exe

  • Size

    596KB

  • Sample

    230612-dplhmsbc6x

  • MD5

    c4cfbb0106571122d1cc4364513e7803

  • SHA1

    1a3a7b1357ed56b0183d03ee4b859659cc68f986

  • SHA256

    a54a3ca8ce01f7e9855d4d47d35bc82520ebd8d16a77df24e398b220d86d445d

  • SHA512

    36a13d91a28d051fbf7c611d3c6ef7014ee8bcddc2ce5bca72f094f70bd0dbfb99a50025455203f0fabb60c61afc89aabf2e41f70aac5349372a146500eaefaa

  • SSDEEP

    12288:ugZXEAO/BUdG3gVdt7KT4OIC4J84wHM5Qiu62PJr+ymhm:ugZXoZUTVdt7KTxoSs5QhCymhm

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:19328

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      c4cfbb0106571122d1cc4364513e7803.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
