General

  • Target

    71b223e7dafa75f0e5e5593f71f6b39d

  • Size

    76KB

  • Sample

    240124-jvk2ysddgl

  • MD5

    71b223e7dafa75f0e5e5593f71f6b39d

  • SHA1

    157398eddab918b549433b718621f8c3fcce360f

  • SHA256

    a356dbe02a59506abef8670c45cba7dffdb6b542233293b8535b6c0f8a11ca3e

  • SHA512

    4335479ea63daf0005199a4844eac2994d7acf995ecefea87315511002617bfd63c875b3e251cf1644b28dc2a8fadb5bcf74b184b358f3231ca4780fe5110195

  • SSDEEP

    1536:BKN0x7x/GeWTJmflkYU4nzQ4qHV1NpYEaero+ua:4V3mNkYnzKHV1NpYRe5

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    HacKed

  • C2

    danialbrain.ddns.net:1177

  • Mutex

    7fe71c54e55ab72e1ef00fa365adaa17

Attributes
  • reg_key

    7fe71c54e55ab72e1ef00fa365adaa17

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
