Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
33c6eece234f9df57b521c3a87e29c18_JaffaCakes118
-
Size
28KB
-
Sample
240511-kvf9faab5x
-
MD5
33c6eece234f9df57b521c3a87e29c18
-
SHA1
db9ad2a6713dc1c7d1e933187a36069e9714a72d
-
SHA256
cc72aae5e6ecc4b70ef09416f09670000db292c8b5adf2737f1b22cb9a2da1cd
-
SHA512
bc633b4d40621a48919298421a931668574a175768518e1aee71a90a59362ea969f77315305687cbcc8cf8e8abcdb44742884d3012691e708f84d4a5707baa19
-
SSDEEP
384:zR0jSNdYhRV09hTlqJM3ZFlUxxLb7FQTE8sPspcW9ceKIlkeFVbsxGlOJUKcrurt:uIOMZJER20IGeTbsxGU/5g0Lj1Abq
Malware Config
Targets
-
-
Target
33c6eece234f9df57b521c3a87e29c18_JaffaCakes118
-
Size
28KB
-
MD5
33c6eece234f9df57b521c3a87e29c18
-
SHA1
db9ad2a6713dc1c7d1e933187a36069e9714a72d
-
SHA256
cc72aae5e6ecc4b70ef09416f09670000db292c8b5adf2737f1b22cb9a2da1cd
-
SHA512
bc633b4d40621a48919298421a931668574a175768518e1aee71a90a59362ea969f77315305687cbcc8cf8e8abcdb44742884d3012691e708f84d4a5707baa19
-
SSDEEP
384:zR0jSNdYhRV09hTlqJM3ZFlUxxLb7FQTE8sPspcW9ceKIlkeFVbsxGlOJUKcrurt:uIOMZJER20IGeTbsxGU/5g0Lj1Abq
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1