Resubmissions

27/07/2024, 17:04

240727-vllgxayhqq 10

27/07/2024, 16:06

240727-tkcb6sxbpm 10

General

  • Target

    Server.exe

  • Size

    23KB

  • Sample

    240727-tkcb6sxbpm

  • MD5

    eefce7d017206bb0427ddec59dce0c24

  • SHA1

    c588ceb9388eecabd9eaded2a4791a433dc0f617

  • SHA256

    23d041615509c122bc7ecebae1a6ccc7c92d1cd8ac166904e98a030c271a5d16

  • SHA512

    b7e66ee0a1a090f866e584ba0eefe7424072a306b00f9817fabc882325012218477905105dbc52cfa89bcf2bdecd7fb27c29566da3177072bf7486e3d842bfab

  • SSDEEP

    384:VY324bcgPiJLQrfARGSRUJ5bY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ3a:qL2s+tRpRpcnuJ

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Testing

  • C2

    127.0.0.1:5552

  • Mutex

    9e9ca6907ecb9894c8165310b4f83b54

Attributes
  • reg_key

    9e9ca6907ecb9894c8165310b4f83b54

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
