General

  • Target

    5916eac72f7396edff49cad9dcd8d80c

  • Size

    120KB

  • Sample

    240113-s39jyscfc7

  • MD5

    5916eac72f7396edff49cad9dcd8d80c

  • SHA1

    8e49c5a46c86c239ea314513ef80e0e275541e19

  • SHA256

    b13fbd200b38f02c0278e54483e641a2cfb41acd1a90bed78ac8791d0c1cf5b2

  • SHA512

    e584db22f6f01714f32061846d4ee26e400889c984aef744a73a66a5f4b1a6bace6906f55b48bb45a7aaa8677f0a51b8aabc9536216632abaa0480983038dff9

  • SSDEEP

    1536:ZVmDCzEXZKQSCqnSGgVM9NXiotLWLUrHOw+rDNdQLp3OwFPQhGIXPTasnmIbOKye:ZADWEXZK+GTypEnUNE3RPodmIbdx

Malware Config

Extracted

  • Family

    njrat

  • Version

    v2.0

  • Botnet

    HacKed

  • C2

    107.152.99.41:54893

  • Mutex

    Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
