General

  • Target

    ExpressZipCompresionArchivos_ES.exe

  • Size

    3.2MB

  • Sample

    240116-rcbdssdff3

  • MD5

    736c77aca8ad5748582d6f7bcd303052

  • SHA1

    748e70f78377b6869c1e31527281ebbe999f1c97

  • SHA256

    75c64e3854c9354fc41ea4f7f4b3ede9875174a02224e0082bcda3c2b7974616

  • SHA512

    efe894161ab2b24c3ddc36fb02c7f3864e02d37549430961a8beaf5630aed3464ad1cc8fff74644857f1d56a5823a2604a059e897bc3498bf5d208ddc02b1bee

  • SSDEEP

    49152:OwUvr25KNXEv+TCHkq+7dOcdQL1iFfsyT9cRuZ2+q4v+r961CGoet4c/1JIx9xqK:OLvCoBEv+TdzO1Wsy6RZHWL9h/YoZE

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes
  • reg_key

    3b570ffeeb3d34249b9a5ce0ee58a328

  • splitter

    svchost

Targets

    • Target

      ExpressZipCompresionArchivos_ES.exe

    • njRAT/Bladabindi

      njRAT (also tracked as Bladabindi) is a widely used remote access trojan written in .NET. The extracted config above (C2 host and port, botnet name, mutex, Run-key value name) is what it uses to beacon and persist.

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
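The three behaviours listed above (Run-key persistence, Windows Firewall modification, C2 on a dynamic-DNS host) and the extracted config can be turned into host-side detection logic. The following is an added example, not code from tria.ge or from the report: it runs a handful of checks over constructed telemetry lines in a made-up `kind|detail` format. The C2, mutex and reg_key values are copied from the report; the file path, the benign events and the list of dynamic-DNS zones are assumptions for illustration.

```python
"""Detection checks for the njRAT behaviours in the report, run over constructed
telemetry. Example code added to the page, not part of the original report."""
import re
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
REPORT_CONFIG = {
    "c2": "dllsys.duckdns.org:3202",
    "mutex": "3b570ffeeb3d34249b9a5ce0ee58a328",
    "reg_key": "3b570ffeeb3d34249b9a5ce0ee58a328",
}

# Assumption: free dynamic-DNS zones commonly abused for RAT C2; extend as needed.
DDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net", ".hopto.org")

# Value name written under the per-user Run key (njRAT writes reg_key there).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Legacy and modern netsh forms for allowing a program through the firewall.
NETSH_FW_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the config's 'host:port' string (IPv6 literals are not expected here)."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower(), int(port)


def is_ddns(host: str) -> bool:
    return host.lower().endswith(DDNS_SUFFIXES)


def scan(events: list[str], config: dict) -> list[Finding]:
    """Apply each check to 'kind|detail' lines and return the matches in order."""
    c2_host, c2_port = parse_c2(config["c2"])
    findings: list[Finding] = []
    for line in events:
        kind, _, detail = line.partition("|")
        if kind == "registry_set":
            path, _, _data = detail.partition("=")
            m = RUN_KEY_RE.search(path)
            if m and m.group("value").lower() == config["reg_key"].lower():
                findings.append(Finding("njrat_run_key_persistence", line))
        elif kind == "process_create" and NETSH_FW_RE.search(detail):
            findings.append(Finding("firewall_allow_rule_added", line))
        elif kind == "dns_query":
            host = detail.lower()
            if host == c2_host:
                findings.append(Finding("known_c2_domain", line))
            elif is_ddns(host):
                findings.append(Finding("ddns_lookup", line))
        elif kind == "network_connect":
            if parse_c2(detail) == (c2_host, c2_port):
                findings.append(Finding("known_c2_connect", line))
        elif kind == "mutex_create" and detail.lower() == config["mutex"].lower():
            findings.append(Finding("known_mutex", line))
    return findings


# Constructed sample telemetry (not from the sandbox run); the drop path is hypothetical.
SAMPLE_EVENTS = [
    r"registry_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\3b570ffeeb3d34249b9a5ce0ee58a328=C:\Users\user\AppData\Roaming\svchost.exe",
    r"registry_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive=C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r'process_create|netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE',
    "dns_query|dllsys.duckdns.org",
    "dns_query|www.microsoft.com",
    "network_connect|dllsys.duckdns.org:3202",
    "mutex_create|3b570ffeeb3d34249b9a5ce0ee58a328",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, REPORT_CONFIG):
        print(f"{f.rule:28s} {f.evidence}")
```

The mutex and Run-key value are strong, sample-specific indicators; the netsh and dynamic-DNS checks are behavioural and will also fire on other njRAT builds, so treat them as hunting leads rather than confirmed matches on their own.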

MITRE ATT&CK Enterprise v15

Tasks