General

  • Target

    7700193205af5b4a8c8be29cfb35ddd5_JaffaCakes118

  • Size

    43KB

  • Sample

    240727-erjbqszbmf

  • MD5

    7700193205af5b4a8c8be29cfb35ddd5

  • SHA1

    73299e5614ddf1348c07f5097457c578841e07f5

  • SHA256

    62a182432c26286600483d5f6fd576e71c9cb64e8842a03ed8806afc1927fa64

  • SHA512

    19ac81d655cf521ee6415f67c9797f726c7bf762e6b8fbd41f3aa9e3cee17f375d9047378b45ab4c955c9df044267d7f6b204b1ff7cedc0cf5dd6ff55c8a477b

  • SSDEEP

    384:DZybEaLd2fo7yxTYSR/tQiqEX+Fa1Iz4Iij+ZsNO3PlpJKkkjh/TzF7pWnPLgrej:tGogmxESxtJ+4EuXQ/oWr+L

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    LOOSER

  • C2

    simoonovid.ddns.net:1337

  • Mutex

    Windows Update

Attributes

  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      7700193205af5b4a8c8be29cfb35ddd5_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
