General

  • Target

    6e4514770d7565d926b2744ad59b7453

  • Size

    522KB

  • Sample

    240122-a3mq3scgel

  • MD5

    6e4514770d7565d926b2744ad59b7453

  • SHA1

    4005b95875c11e4f3e2d4a0f4633610eee212000

  • SHA256

    aeeed3519233bb2d7971b5567ae064f2fa26576e97df4bb27845a11727ca30c1

  • SHA512

    f6e6a1280432f74738c85a592e54639c4437f8f81d228cc3cc790cd6dd59d4c6addf4b6d75d67b86f0507e045efc49b485421f753f9a638f0e92329a4f473fd3

  • SSDEEP

    3072:EErmliCxmjV3vnHAJvAUgG3uGNozyTDKYPWvutEr4rsiwXsuoiZtpEvS:EEyli9J3fAVDPoSmuo+skBi

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    izerox.ddns.net:1177

  • Mutex

    e47d6808668b7384f50734f843cca7ce

Attributes
  • reg_key

    e47d6808668b7384f50734f843cca7ce

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
