General

  • Target

    7e25b10edb79b23e598357a9d138ea5e

  • Size

    212KB

  • Sample

    240128-163jtacgdq

  • MD5

    7e25b10edb79b23e598357a9d138ea5e

  • SHA1

    8ac0dabaebfdaba4d13035a2e44609b4a5e04bcd

  • SHA256

    70bc725d2a8756ee10547571a59f859bfd4069460bef66b47259d5c3cce8825b

  • SHA512

    aa070d8614e830fa7c54dd247a762596e55734dcd7be67be43e6130e791f5399a4e8dad427e37d547beeb6cff093f7b8e26817d6ebc3c3cd8e923691caa93173

  • SSDEEP

    3072:3Jacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLnY7:3JPgv7wJZ87wBjYI1IUwrIOZyY7

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    Hacked

  • C2

    abdo95.ddns.net:1177

  • Mutex

    ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes
  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|

Targets

    • Target

      7e25b10edb79b23e598357a9d138ea5e

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
