General

  • Target

    5fde482290cb501e48785aee22a4ee87

  • Size

    135KB

  • Sample

    240116-pf13hsbbep

  • MD5

    5fde482290cb501e48785aee22a4ee87

  • SHA1

    8546f720e8492bd105fc07914410f3774d93a78b

  • SHA256

    32b16e2b8c7ba6ad57447ec1cf833050611596b16f7b5c102dd7dd853c744b8a

  • SHA512

    a784226726a7f88662f7d040209bc683913a2dbf03c66e211865928e966981a7dc8e08c42fdbd6d2db77e98ebcb0859f03324c515777bb46dfe540a2e104d302

  • SSDEEP

    768:PJ6AUPSPBwIo6IzTjyXKI2ZO3FExg1anz5K40MNeLPYQzAV1AfCFOPbxJU29NAHj:YMCunq2jH0izGVs4ZFnmSfAdNAI

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    192.168.1.34:5552

  • Mutex

    1c8e4c2d5e74130fcfce1d4f7218fdee

  • Attributes

      • reg_key

        1c8e4c2d5e74130fcfce1d4f7218fdee

      • splitter

        |'|'|

Targets

    • Target

      5fde482290cb501e48785aee22a4ee87

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
