General

  • Target

    2348-3-0x0000000000400000-0x000000000040C000-memory.dmp

  • Size

    48KB

  • Sample

    240112-h42kmabehl

  • MD5

    f30547a9b1997ae1346783528cfc65f7

  • SHA1

    71d209aa6cdea0649fddbb9f6f166a6f703f1ca6

  • SHA256

    808bab58664d0e7663720d2ef12785d999f5273a88fc76494db645cc1a87c0b5

  • SHA512

    97b942b294dd6212814935480bad05525887f8a7df4ae94b2d0423b7cd29f0f170f5a2d535f679e741342d690f8179b8d5da04543c113e4d0163fa6b22ba8445

  • SSDEEP

    384:T8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZ83:4Xcwt3tRpcnuh

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:2222

  • Mutex

    6ff24f19677199efff6034746cc3f536

  • Attributes

      • reg_key

        6ff24f19677199efff6034746cc3f536

      • splitter

        |'|'|

Targets

    • Target

      2348-3-0x0000000000400000-0x000000000040C000-memory.dmp

    • Size

      48KB

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
