General

  • Target

    bSWK.exe

  • Size

    23KB

  • Sample

    240116-ck17vsbbar

  • MD5

    7261770666f41d4b65dc9590d0c4a1fd

  • SHA1

    7149ae39230bbeb78551d012c35e2f4470cd4077

  • SHA256

    9fcede2fe80c31c00102d9a01cbce1e6110c8d7f473d43111adbcd13fa877132

  • SHA512

    3da00e5532ed8c450625c6486aabf15c793745c55765d8840b712eae19e874cb3d29242881cf0551fb95aa44f390ebbcb61e01fbb0e35e6c5be930bf7e4b1ba2

  • SSDEEP

    384:Ys2aUrue9Bx0RPIxHVSul0M/GrUdw6jgFIqZZj1mRvR6JZlbw8hqIusZzZDb:PQ/ok1lzRpcnuA

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

safeprojectbr.duckdns.org:1010

Mutex

3d483c4736411b81721a6cabe9329c70

Attributes
  • reg_key

    3d483c4736411b81721a6cabe9329c70

  • splitter

    |'|'|

Targets

    • Target

      bSWK.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
