Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4247c4d09c...89.exe

windows7-x64

10

4247c4d09c...89.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4247c4d09cc14d68a37d07e8983b5689

  • Size

    114KB

  • Sample

    240105-aj9rhafca2

  • MD5

    4247c4d09cc14d68a37d07e8983b5689

  • SHA1

    56383c1267482b38d33bf8dcef1ee31dbac5c07a

  • SHA256

    9b53d3c635fb01cb79c384b5add1ce0bddf2fb7ec27c52cbe15285184f202564

  • SHA512

    e7532e4cda43a585428cedf3223ad61cd35e4aea28c3de46c9367f4dc909fda3d7c89331d7b591c217f833a78605f8a0620101bb13ff2169408d283603b3dfb3

  • SSDEEP

    1536:7q73RtOhd71nbgrEFpsCofqJvcpMJL8eIcLGwZSujuSwKjx6fD7gurnrs8:C3Rt8d7pgQ/sCoyV9JzIOGOE31rrb

Score
10/10
njrat2020evasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2020

C2

grandmark-pg.kro.kr:8080

Mutex

c766e8a0c9537c519acbf9fdc3142a0b

Attributes
  • reg_key

    c766e8a0c9537c519acbf9fdc3142a0b

  • splitter

    |'|'|

Targets

    • Target

      4247c4d09cc14d68a37d07e8983b5689

    • Size

      114KB

    • MD5

      4247c4d09cc14d68a37d07e8983b5689

    • SHA1

      56383c1267482b38d33bf8dcef1ee31dbac5c07a

    • SHA256

      9b53d3c635fb01cb79c384b5add1ce0bddf2fb7ec27c52cbe15285184f202564

    • SHA512

      e7532e4cda43a585428cedf3223ad61cd35e4aea28c3de46c9367f4dc909fda3d7c89331d7b591c217f833a78605f8a0620101bb13ff2169408d283603b3dfb3

    • SSDEEP

      1536:7q73RtOhd71nbgrEFpsCofqJvcpMJL8eIcLGwZSujuSwKjx6fD7gurnrs8:C3Rt8d7pgQ/sCoyV9JzIOGOE31rrb

    Score
    10/10
    njrat2020evasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks