General

  • Target

    2024-01-21_250b60b4db9e04b067d2a1594a90eedd_mafia_revil

  • Size

    17.4MB

  • Sample

    240121-pzfwpadec7

  • MD5

    250b60b4db9e04b067d2a1594a90eedd

  • SHA1

    818ca0a671fed0b84b3c8b777ae24f476eaa5285

  • SHA256

    bad8a99a5d4ea817a2fb51918b41f0d69d8bb4e8b2af14837d5f16d23ab2b7e6

  • SHA512

    7127d7c71b090ad021e305a47ab61e39781e076c1632c767a5e7e95d5b33c1acd39e37930c5445f28d8e70dc4993e66964c7a15231f1252e05d5f5287d8760ac

  • SSDEEP

    393216:hm7Fm08QYsmdEFlm2h3+1LzkTUM8HmwKKZ5W:i9RKZ

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    bXlpbnN1Lnp6LmFt:1999

  • Mutex

    ac508f600d763c24a745123d31eae8e9

Attributes
  • reg_key

    ac508f600d763c24a745123d31eae8e9

  • splitter

    |'|'|

Targets

    • Target

      2024-01-21_250b60b4db9e04b067d2a1594a90eedd_mafia_revil

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
