General

  • Target

    D6E07886220DDE443F7EE7E7669C11FF.exe

  • Size

    377KB

  • Sample

    240121-n6r2vscdal

  • MD5

    d6e07886220dde443f7ee7e7669c11ff

  • SHA1

    bf35ccff13cebdb3d137f0bd154e51ab031d6066

  • SHA256

    619650da11fb47c9ba3848e5313272a558ff6e5d62d8cec55589ce7af19b4537

  • SHA512

    52fc9d6d06eca8652ec27c364a141ea0448eae63e5389183b02a9240c2fe5584168daf3b6568a94541a96f142b410cbe4671225d2308d7a9bbc020f68b86e0b9

  • SSDEEP

    3072:beF4lljDwYGftyh1PWTR+y2EhZ/rFrqqq2eZIYS+g4:b

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000

    2.tcp.eu.ngrok.io:13957

  • Mutex

    02924b9d757b06fa7a3ec3652e5fdc4f

  • Attributes

      • reg_key

        02924b9d757b06fa7a3ec3652e5fdc4f

      • splitter

        |'|'|

Targets

    • Target

      D6E07886220DDE443F7EE7E7669C11FF.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
