General

  • Target

    53ff7f325392759ad23ecff401bf6534

  • Size

    307KB

  • Sample

    231219-s854qaggbq

  • MD5

    53ff7f325392759ad23ecff401bf6534

  • SHA1

    c3dd5b7fde858765da3c5412fad797e3e1a0c9aa

  • SHA256

    eea22615ac37aca1c2258c1283f397a6de1f24967bc9ccf649d81ccd1fd04a19

  • SHA512

    629503978bb475470c61c94fc509701fa58ec268be0c4bb65696b9d93bc4b53cf29b07d8de039c69e70958639176f5258e5be1f1875b07daa2e714735ecb8ca6

  • SSDEEP

    6144:0jbei1kGc+HGcPCaTk+4/b2lSd6tsLTXv4A3qssRF0gx5CR:0u+c+FPCaTkn2lSRLrgAapf0gx5CR

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Hacked

C2

6.tcp.eu.ngrok.io:15787

Mutex

MILF.exe

Attributes
  • reg_key

    MILF.exe

  • splitter

    123

Targets

    • Target

      53ff7f325392759ad23ecff401bf6534

    • Size

      307KB

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
