General

  • Target: 5bd602418a031c3cfef95ec85eea7a9c
  • Size: 212KB
  • Sample: 240115-cctstafbgk
  • MD5: 5bd602418a031c3cfef95ec85eea7a9c
  • SHA1: 5626e2e0d838022a5b5963533fe4f5075b747a3c
  • SHA256: e00b2c31e95175bbb8b655b7faa15f12cc8e5bcc539c595390130a7cea0a80f8
  • SHA512: c56fa88dbba9ff1de8df23956d581bb02817bce31cb98d42d1ce688c85a03902c217fabb0f761229a1eed13e8e2c2c6be2c1abe5b10e89e21673447eb0510258
  • SSDEEP: 3072:0Jacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnYz:0JPgv7wJZ87wBjYI1IUwrIOZyYz

Malware Config

Extracted

  • Family: njrat
  • Version: 0.6.4
  • Botnet: Hacked
  • C2: abdo95.ddns.net:1177
  • Mutex: ed6e2bf930f6d35b3ac57c049d10ac2c
  • Attributes
      • reg_key: ed6e2bf930f6d35b3ac57c049d10ac2c
      • splitter: |'|'|

Targets

    • Target: 5bd602418a031c3cfef95ec85eea7a9c

    • njRAT/Bladabindi: Widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX or a modified UPX open-source packer.
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15