General

  • Target

    c35f831d409c55e4925e96f17c298126.exe

  • Size

    43KB

  • Sample

    240114-b9tnmshhgl

  • MD5

    c35f831d409c55e4925e96f17c298126

  • SHA1

    3cd4b6da23cb04e5dbe12d11562921f90a4c4464

  • SHA256

    7053364c34ad127e351736677b20987ae51fef387ddbb3253b845c09491a2a07

  • SHA512

    8376c6fe8aa6165bd81327f25e0034515a2d1d9e02c27e86504c05b33b82d780cf7210613615101246e7e0f3d9f6b3b5af9a8b98b2da501b0d207d0e80b67ab7

  • SSDEEP

    384:s8ZyyHqGyCEFmVoybL/ldPCtm8CEdUDMghIzEIij+ZsNO3PlpJKkkjh/TzF7pWn3:s6TKGyVAVlbL/l5inoggYuXQ/os+L

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    0.tcp.ap.ngrok.io:18777

  • Mutex

    Windows Update

Attributes

  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      c35f831d409c55e4925e96f17c298126.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
