General

  • Target

    6f8798f01a7ec11429f624dbc59b4a32

  • Size

    3.1MB

  • Sample

    240122-nch7vsehfm

  • MD5

    6f8798f01a7ec11429f624dbc59b4a32

  • SHA1

    31bf80da7df42fa40a5296328af295fd7fcb9c31

  • SHA256

    580e02ff0dba47c835a4abff35ca5ecfe8e04e08206739936556b696141ed844

  • SHA512

    6051b115e18a1407f488cbe7a3f419f3a44ef80c38420a124d1886f7d6479fda5b437eda0649221fdc5b29a01587aa92323500e7cf8837f0de15d8323162fa6a

  • SSDEEP

    98304:YWv9/FJdgaCB2r/cpy5UGAUnva4vHchPLfjLB:JJmR2brAivzvHUPLfjF

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

bishkek931.ddns.net:4872

Mutex

9aae056fac505440e6c8356ee4efc63f

Attributes

  • reg_key

    9aae056fac505440e6c8356ee4efc63f

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks