
General

  • Target

    a0d32b7a7755b312af45165c7c2814e0cca2992da18224f0776258b484fd3358

  • Size

    115KB

  • Sample

    240620-bmpfeaveqp

  • MD5

    efcd19db208e7ccbbea917ed18cae43a

  • SHA1

    1ac3f2f6b17dccd029006d007da7401dd4b2a18f

  • SHA256

    a0d32b7a7755b312af45165c7c2814e0cca2992da18224f0776258b484fd3358

  • SHA512

    19c09886cf52aa39ae6d0c3b3d887471bd3ff53b54203759067ad6d5c5f59ebac6bc74680b7d34ac62ed5bdfdaa1e3f2c3ce790c8f47f53bc1c2b92c563602fc

  • SSDEEP

    1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMiat6wF:P5eznsjsguGDFqGZ2riE

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

C2

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes
  • reg_key

    e1a87040f2026369a233f9ae76301b7b

  • splitter

    |'|'|
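The splitter, C2 and version above are enough to parse this sample's traffic. The following is an added example, not code from tria.ge or from the sample: it frames and splits njRAT C2 messages using the extracted splitter. The wire framing it assumes (an ASCII decimal length, a NUL byte, then the payload) comes from general knowledge of the njRAT family and is not stated on this page; the beacon contents, field order and the `12\x00abc` trailing fragment are constructed test data, not a capture.

```python
"""Frame and field parser for njRAT C2 traffic, keyed on the extracted config.

Added example, not tria.ge or sample code. SPLITTER, C2 host/port and the
version come from the extracted config; the len/NUL/payload framing is an
assumption from general knowledge of the family, not from the report.
"""
import base64

SPLITTER = b"|'|'|"                      # extracted config: splitter
C2_HOST, C2_PORT = "doddyfire.linkpc.net", 10000   # extracted config: C2


def build_frame(command: str, *fields: bytes) -> bytes:
    """Encode one message: fields joined by the splitter, prefixed by
    the decimal payload length and a NUL (assumed njRAT framing)."""
    payload = SPLITTER.join([command.encode()] + list(fields))
    return str(len(payload)).encode() + b"\x00" + payload


def parse_frames(stream: bytes):
    """Return (payloads, leftover) for a byte stream of framed messages.

    A trailing frame whose announced length exceeds the bytes present is
    left in `leftover` so the caller can append the next TCP segment.
    """
    frames, pos = [], 0
    while True:
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                       # no complete length field yet
        length_field = stream[pos:nul]
        if not length_field.isdigit():
            raise ValueError(f"bad length field at offset {pos}: {length_field!r}")
        start = nul + 1
        end = start + int(length_field)
        if end > len(stream):
            break                       # incomplete frame, wait for more data
        frames.append(stream[start:end])
        pos = end
    return frames, stream[pos:]


def split_fields(payload: bytes):
    """Split a payload on the configured splitter; the first field is the
    command keyword, the rest are its arguments."""
    parts = payload.split(SPLITTER)
    return parts[0].decode("latin-1"), parts[1:]


def decode_b64_field(field: bytes) -> str:
    """Decode a field the client sent base64-encoded (e.g. the victim name)."""
    return base64.b64decode(field).decode("utf-8")


# Constructed sample stream: a registration-style beacon, a second short
# message, and a truncated third frame (12 bytes announced, 3 present).
SAMPLE_STREAM = (
    build_frame("ll", base64.b64encode(b"neuf"), b"HWID-TEST", b"DESKTOP-1", b"user")
    + build_frame("inf", b"0.7d")
    + b"12\x00abc"
)

if __name__ == "__main__":
    frames, rest = parse_frames(SAMPLE_STREAM)
    for f in frames:
        cmd, fields = split_fields(f)
        print(cmd, fields)
    print("leftover:", rest)
```

Feed `parse_frames` the reassembled client-to-`doddyfire.linkpc.net:10000` stream one segment at a time and carry the leftover forward; a non-numeric length field is the quickest sign you have desynchronised from the framing or are not looking at njRAT at all.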

Targets

    • Target

      a0d32b7a7755b312af45165c7c2814e0cca2992da18224f0776258b484fd3358

    • Size

      115KB

    • MD5

      efcd19db208e7ccbbea917ed18cae43a

    • SHA1

      1ac3f2f6b17dccd029006d007da7401dd4b2a18f

    • SHA256

      a0d32b7a7755b312af45165c7c2814e0cca2992da18224f0776258b484fd3358

    • SHA512

      19c09886cf52aa39ae6d0c3b3d887471bd3ff53b54203759067ad6d5c5f59ebac6bc74680b7d34ac62ed5bdfdaa1e3f2c3ce790c8f47f53bc1c2b92c563602fc

    • SSDEEP

      1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMiat6wF:P5eznsjsguGDFqGZ2riE

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
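The behaviours listed above (Run key persistence, firewall modification, the mutex) can be tied back to the extracted config on a host. The following is an added example, not tria.ge or sample code: it scores constructed sandbox-style events against the config from this report, flagging exact matches (reg_key, mutex, C2) plus one config-agnostic check, a Run value named with a 32-hex-character string, which is how this sample's reg_key is formed. The event records and the `netsh firewall add allowedprogram` command line are constructed illustrations of the listed behaviours, not data from the report.

```python
"""Match host events against the njRAT config extracted in this report.

Added example, not tria.ge or sample code. CONFIG values are copied from
the report's Malware Config; EVENTS are constructed sandbox-style records.
"""
import re
from typing import Dict, List

CONFIG = {
    "family": "njrat",
    "version": "0.7d",
    "botnet": "neuf",
    "c2": ("doddyfire.linkpc.net", 10000),
    "mutex": "e1a87040f2026369a233f9ae76301b7b",
    "reg_key": "e1a87040f2026369a233f9ae76301b7b",
}

HEX32 = re.compile(r"^[0-9a-f]{32}$")
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.I
)
NETSH_FW = re.compile(r"\bnetsh\s+firewall\s+add\s+allowedprogram\b", re.I)

# Constructed events in the shape a sandbox or Sysmon pipeline would emit.
EVENTS = [
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\e1a87040f2026369a233f9ae76301b7b",
     "data": r"C:\Users\Admin\AppData\Roaming\server.exe"},
    {"type": "process_create",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE'},
    {"type": "mutex_create", "name": "e1a87040f2026369a233f9ae76301b7b"},
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Program Files\OneDrive\OneDrive.exe"},
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\9f86d081884c7d659a2feaa0c55ad015",
     "data": r"C:\Users\Admin\AppData\Local\Temp\x.exe"},
    {"type": "network_connect", "host": "doddyfire.linkpc.net", "port": 10000},
]


def triage(events: List[Dict], config: Dict) -> List[Dict]:
    """Return one finding per event that matches the config or a generic
    njRAT persistence pattern; benign events produce nothing."""
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "registry_set":
            m = RUN_KEY.search(ev["path"])
            if not m:
                continue
            name = m.group("name")
            if name == config["reg_key"]:
                findings.append({"rule": "run_key_matches_config", "value": name})
            elif HEX32.match(name):
                # config-agnostic: njRAT-style Run value named by a 32-hex id
                findings.append({"rule": "run_key_hex32_name", "value": name})
        elif kind == "process_create" and NETSH_FW.search(ev["cmdline"]):
            findings.append({"rule": "netsh_firewall_allowedprogram", "value": ev["cmdline"]})
        elif kind == "mutex_create" and ev["name"] == config["mutex"]:
            findings.append({"rule": "mutex_matches_config", "value": ev["name"]})
        elif kind == "network_connect" and (ev["host"], ev["port"]) == config["c2"]:
            findings.append({"rule": "c2_connect", "value": f"{ev['host']}:{ev['port']}"})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS, CONFIG):
        print(f["rule"], "->", f["value"])
```

The exact-match rules are only as good as this one config; the hex32 Run-value rule will also catch other njRAT builds, at the cost of needing a review step, since nothing stops a legitimate installer from using a hash as a value name.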

MITRE ATT&CK Enterprise v15

Tasks