Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    23ac69eb0388a0fc0828c9e41b769201.exe

  • Size

    23KB

  • Sample

    230711-jspblafc96

  • MD5

    23ac69eb0388a0fc0828c9e41b769201

  • SHA1

    f61ed517f92b306df0ff2f185c0ab097c5dbf46d

  • SHA256

    7a78f5f7471015b05f36a45b9d53d05224e8b4796240c709c3a7067bd44bc543

  • SHA512

    84925b643e6613cf698d78d68235d3469969a6f3d4d1f640aa80926de2ce38d42e211bb2efa651d6528050ced0d96fd3d07bba433a057eaac8aa1d4be44d8e90

  • SSDEEP

    384:9dMK6b2GZsx/Yr1+liORH1kciFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZkz:9+b9glF51MRpcnul

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Flex

C2

0.tcp.sa.ngrok.io:17200

Mutex

b32bd74f2549d11fe61eb231dbe9f728

Attributes
  • reg_key

    b32bd74f2549d11fe61eb231dbe9f728

  • splitter

    |'|'|

Targets

    • Target

      23ac69eb0388a0fc0828c9e41b769201.exe

    • Size

      23KB

    • MD5

      23ac69eb0388a0fc0828c9e41b769201

    • SHA1

      f61ed517f92b306df0ff2f185c0ab097c5dbf46d

    • SHA256

      7a78f5f7471015b05f36a45b9d53d05224e8b4796240c709c3a7067bd44bc543

    • SHA512

      84925b643e6613cf698d78d68235d3469969a6f3d4d1f640aa80926de2ce38d42e211bb2efa651d6528050ced0d96fd3d07bba433a057eaac8aa1d4be44d8e90

    • SSDEEP

      384:9dMK6b2GZsx/Yr1+liORH1kciFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZkz:9+b9glF51MRpcnul

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks