General

  • Target

    dobro.exe

  • Size

    151KB

  • Sample

    230630-m1zn3shh5s

  • MD5

    a443234e456bbc4a78605ab336e7d7f6

  • SHA1

    3ce499b7866a684755ae6b38980438719bff784b

  • SHA256

    723d4e16788b240cd61087fe9b70d3f6e60117d0b7af0e242457a77541e277ce

  • SHA512

    4fdfb874d9db98058709ce72bb7ca8b9dad2307f168ee2aae225ecc26fec33f5c41ceaa67d61ad6617181ccb85a237283e75cb6f43a74051155ec8c0d7fdbcd1

  • SSDEEP

    3072:klgjq8s+yJueAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:WgjqARVdRQ/vqkg1gEagdgH

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed_CrosSs

  • C2

    5.101.21.20:1555

  • Mutex

    4742a84879c01b0661392ad95615a345

Attributes
  • reg_key

    4742a84879c01b0661392ad95615a345

  • splitter

    |'|'|

Targets

    • Target

      dobro.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
