General

  • Target

    58459dc8a082aa619f6c2885b9476f8b

  • Size

    212KB

  • Sample

    240113-hqk1qadhgl

  • MD5

    58459dc8a082aa619f6c2885b9476f8b

  • SHA1

    21e82634abf28340ae096368ef790a11b9d3f3e3

  • SHA256

    8e5f5ee008bb5e1ad267e7eb845f77fdb8fbb06b7d36e31f3de992c91d9c7aa9

  • SHA512

    9db40b7784f04b9ae3c186576c51ca525e0804d7945b45abb7451f1c72036eda244eac35fb66ca1b004931ebce10216b74a4c69b986daf0d4c3c40934e4f321f

  • SSDEEP

    3072:TJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLIYP:TJPgv7wJZ87wBjYI1IUwrIOZy3P

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    Hacked

  • C2

    abdo95.ddns.net:1177

  • Mutex

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • Attributes

      • reg_key

        ed6e2bf930f6d35b3ac57c049d10ac2c

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application
