Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Server.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    240113-zjmpeadghq

  • MD5

    a1d98613743877e6909e48a7ef961f03

  • SHA1

    d5060ec77aa7b90457fb4e0bcf13ed6d15be9f50

  • SHA256

    68887219835e5a239f80790898cce4fa77ad3551bb131b71ebe7dc01303be047

  • SHA512

    4d3039abe72a4617ba6b8c0ad2810e8448e21b8424abd7d798a5dd396e4bc3d18ee4b0a6379cdd122b4c9ecdec7812a266a15fad233ac39bded4c8091f4576f3

  • SSDEEP

    384:u8GBkiyRnDNGRn5IyUvoIdf1bg/SuswxrAF+rMRTyN/0L+EcoinblneHQM3epzXO:RZ5M5jUvtdOaufxrM+rMRa8NuMjlt

Score
10/10
njratnoobevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

noob

C2

127.0.0.1:5552

Mutex

df4f4145ee2e48990df7a94a2e0f3561

Attributes
  • reg_key

    df4f4145ee2e48990df7a94a2e0f3561

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      37KB

    • MD5

      a1d98613743877e6909e48a7ef961f03

    • SHA1

      d5060ec77aa7b90457fb4e0bcf13ed6d15be9f50

    • SHA256

      68887219835e5a239f80790898cce4fa77ad3551bb131b71ebe7dc01303be047

    • SHA512

      4d3039abe72a4617ba6b8c0ad2810e8448e21b8424abd7d798a5dd396e4bc3d18ee4b0a6379cdd122b4c9ecdec7812a266a15fad233ac39bded4c8091f4576f3

    • SSDEEP

      384:u8GBkiyRnDNGRn5IyUvoIdf1bg/SuswxrAF+rMRTyN/0L+EcoinblneHQM3epzXO:RZ5M5jUvtdOaufxrM+rMRa8NuMjlt

    Score
    10/10
    njratnoobevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks