Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    61163a9b3febd6b69af13b15889783cd

  • Size

    4.5MB

  • Sample

    240116-2vb36accaq

  • MD5

    61163a9b3febd6b69af13b15889783cd

  • SHA1

    8074b6aa3235abdd74b297c49a6a2d9e125803cf

  • SHA256

    b1bdc2d7698615f452b9719b25429d90e688878e5b01b08ad32a164e755493a3

  • SHA512

    2b3c516f5e57fe155ff95fa6e60c61e3c60788f25a18cebcd42262f0cd5e7cbd6f035767c841adbb5ff8cb7d3595ca70519e2e71eb393d4f616d57f4f36880d4

  • SSDEEP

    98304:nviz/27qWGq/TzuqCDl2Ptao7jazHMNl28cGSbf:nviq75/TzufdQNlcf

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

inforhack.ddns.net:2040

Mutex

39bd3bca5134dd3873886412992a52a5

Attributes
  • reg_key

    39bd3bca5134dd3873886412992a52a5

  • splitter

    |'|'|

Targets

    • Target

      61163a9b3febd6b69af13b15889783cd

    • Size

      4.5MB

    • MD5

      61163a9b3febd6b69af13b15889783cd

    • SHA1

      8074b6aa3235abdd74b297c49a6a2d9e125803cf

    • SHA256

      b1bdc2d7698615f452b9719b25429d90e688878e5b01b08ad32a164e755493a3

    • SHA512

      2b3c516f5e57fe155ff95fa6e60c61e3c60788f25a18cebcd42262f0cd5e7cbd6f035767c841adbb5ff8cb7d3595ca70519e2e71eb393d4f616d57f4f36880d4

    • SSDEEP

      98304:nviz/27qWGq/TzuqCDl2Ptao7jazHMNl28cGSbf:nviq75/TzufdQNlcf

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks