General

  • Target

    5c70272d82adba550c41b77f4a9089a6

  • Size

    212KB

  • Sample

    240115-htznaacda7

  • MD5

    5c70272d82adba550c41b77f4a9089a6

  • SHA1

    afa00f02807843565970a18b35e2524775d12e85

  • SHA256

    5a9da8b5b3547608af2a601d677db4720d2bfd732e41e0d8865b1532727756ad

  • SHA512

    cd8caa6c4074879e3a00a9fad08d18224d7dc5c56f8b05944a93171d7c763dbd8624a562917deb62e22cf4c7f231c0b4e00e13272da63fe729fb7efb566caa93

  • SSDEEP

    3072:GJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnY1:GJPgv7wJZ87wBjYI1IUwrIOZyY1

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    Hacked

  • C2

    abdo95.ddns.net:1177

  • Mutex

    ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes
  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks