General

  • Target

    73a2d271f4b6cc3e4c32148efb7cdbf3

  • Size

    863KB

  • Sample

    240125-d7qv3sfdf8

  • MD5

    73a2d271f4b6cc3e4c32148efb7cdbf3

  • SHA1

    550fe66935f84711afd25b562d8c58d1e54f5306

  • SHA256

    092a9a5a2dae728331834b73af9602e7602fc70954e512778a3cce3a3ccfac79

  • SHA512

    3ee536886a5f000eefd18a3dd9dcbb8fe9f1a7e13e1236796b8dfc85c77b8c12c768cde9cd75fbef6c4695a9c719ac9abd62dc96f8dcfb87f3ae71ba7ca1073d

  • SSDEEP

    12288:p4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgaF7Q67Rq9MmCS:p4lavt0LkLL9IMixoEgeaZhRq9MmCS

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.10.10:5552

Mutex

0dc24807523d3cd24b54cd0996e4c49b

Attributes
  • reg_key

    0dc24807523d3cd24b54cd0996e4c49b

  • splitter

    |'|'|

Targets

    • Target

      73a2d271f4b6cc3e4c32148efb7cdbf3

    • UAC bypass

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
