General

  • Target

    2BED53A0CBFFF3C1A359FEFF6BB308C0.exe

  • Size

    23KB

  • Sample

    240115-xvxmmsddel

  • MD5

    2bed53a0cbfff3c1a359feff6bb308c0

  • SHA1

    c6f26b99bc09bd4536412d5a6ce5ba844813f4f1

  • SHA256

    5df31f62a6f2bd7dd097ff0b0249c8215f7999a20821e4d51134be84397021e9

  • SHA512

    584dd44d1513792982e4cb2eec7f74f608a280672565819bc69eb5c9c68a038cb869f57b2827c97fe219947ac125deeed219bfa5aa39ec69c4a2a5d4c9302cb4

  • SSDEEP

    384:cdc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZwTy:c3e9EJLN/yRpcnu9y

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    0.tcp.sa.ngrok.io:13904

  • Mutex

    cefdd2ccdf66b444840bef15a4ceda70

Attributes
  • reg_key

    cefdd2ccdf66b444840bef15a4ceda70

  • splitter

    |'|'|

Targets

    • Target

      2BED53A0CBFFF3C1A359FEFF6BB308C0.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
