General

  • Target

    6eea5968b74c847d0751a0b23fa44ce3

  • Size

    212KB

  • Sample

    240122-gsk8tsaaak

  • MD5

    6eea5968b74c847d0751a0b23fa44ce3

  • SHA1

    c5ab0ec40b50a9d5ce1c8c7b224c57bf95c919f2

  • SHA256

    7352664f289f4a2d9cd3ab92201bfdf4fd75f2268405a8ee9b1c238b95c8db14

  • SHA512

    37af7139b3ae425bf742583f52aa1240308a8a3c2b1a5fbbddc892aae6fc0dd37240e94830703f67415b90b37ea1f787fa708a4df59fa4756b78287a67a8c739

  • SSDEEP

    3072:FJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLOYP:FJPgv7wJZ87wBjYI1IUwrIOZyxP

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked

C2

abdo95.ddns.net:1177

Mutex

ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes

  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
