General

  • Target

    033d72d6e8bb60eb73c0f2d728190205.exe

  • Size

    1.1MB

  • Sample

    240122-bz9bcaebc5

  • MD5

    033d72d6e8bb60eb73c0f2d728190205

  • SHA1

    4448197bcf0ec719069586fb177e21b0b025c002

  • SHA256

    e589a6a7a03642ccedf7b1a6d5dd1b72e3a12f9fa9d3bdd35da0ae02c9878c09

  • SHA512

    4bdb68d56a5019d57cd1a0f44cd9fda0f74baccde9412f3bdd95c6dde031e28769a427240bad2c6f7254fcf9db32875d5498b9955e09b5bc20d18d2aa327b95b

  • SSDEEP

    24576:+kL5gmvyAFCBaqNcbQ9GL7qSp+sAhXZMGZerZxG:+k+EbCafso7FVEZvZmD

Score
10/10

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:10369

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      033d72d6e8bb60eb73c0f2d728190205.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
