General

  • Target

    NEAS.555579d4a7fe99a06349634f4c3e2800.exe

  • Size

    54KB

  • Sample

    231013-y6mr9abf72

  • MD5

    555579d4a7fe99a06349634f4c3e2800

  • SHA1

    a8017cc1332b40dad7b7b0e93f48d7edc31eab1f

  • SHA256

    863658f007f1112ea173b292a10f45816998b2a0e52ce488804da311ff3fce03

  • SHA512

    d86a6c931b829349ebd5a548c4891102657dd4b596ce04958a3fafa535cc074451510be030195bde913389b033fcbe46cf71203a0ccf75198441b13c7e112ceb

  • SSDEEP

    768:eOmhtIiRpcnu9t4hjb+UvnwW4ZLetrZTdke8GkzbjOjvmXbTpkV:eOmhuiRWu969Xpke8TzXOrQ+V

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    secded21.duckdns.org:1338

  • Mutex

    f09945897e28727e09a648ce79ccccec

  • Attributes

      • reg_key

        f09945897e28727e09a648ce79ccccec

      • splitter

        |'|'|

Targets

    • Target

      NEAS.555579d4a7fe99a06349634f4c3e2800.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
