General

  • Target

    5476713627aefbd37c468eab0e770f4d

  • Size

    212KB

  • Sample

    240111-ywxvgagbb5

  • MD5

    5476713627aefbd37c468eab0e770f4d

  • SHA1

    b96a10096b188621a6b52d4c63b5d371eb5e3032

  • SHA256

    dbf1f934fe2f32bb7b8589ea5321b0773e283cd6212a35ad76e6f1b9ea7c63e6

  • SHA512

    857cf2e9dd9a038ebcdaa602b9141240ac973a2ca52bb98afb7b0eb54ec8b7c5d4a2c90bb0a345ceebd954960f5ca0524cd127b4430780c939cfcc9fe72948f8

  • SSDEEP

    3072:1Jacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnYP:1JPgv7wJZ87wBjYI1IUwrIOZyYP

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked

C2

abdo95.ddns.net:1177

Mutex

ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes
  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|

Targets


    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
