General

  • Target

    bSWN.exe

  • Size

    23KB

  • Sample

    240116-eqzx4acgbq

  • MD5

    584546daa2033c86dc8478d932d1a3d6

  • SHA1

    2b6b2eb17bb356a6fe4255b243e27e04ba6d323b

  • SHA256

    02e505dc7b4b2c438d1413310777d2092c7f45753c9379f1b47dd4740728dda7

  • SHA512

    73ddf430d7949959ee6f5c482c8c40c0a852a0abc8da060bf69deae4646d1bb25adf375af6db93f13eb38dd65ca355fb92003e03b1bb3a904a70112f01f6d480

  • SSDEEP

    384:ts2aUrue9Bx0RPIxHVSul0M/GrUdw6jgFIqZZj1mRvR6JZlbw8hqIusZzZDZ:WQ/ok1lzRpcnu6

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

safeprojectbr.duckdns.org:1010

Mutex

3d483c4736411b81721a6cabe9329c70

Attributes
  • reg_key

    3d483c4736411b81721a6cabe9329c70

  • splitter

    |'|'|

Targets

    • Target

      bSWN.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
