General

  • Target

    09d1aa8ac1853e74ff56f5100318c964d824a5316e5a7bbc2e5d7d856956bffa

  • Size

    217KB

  • Sample

    240727-w82yvashnj

  • MD5

    045ee188f7d039c513b75f9374dbbe41

  • SHA1

    91aa5987549882647ac30edeb5e48ee70cc78df6

  • SHA256

    09d1aa8ac1853e74ff56f5100318c964d824a5316e5a7bbc2e5d7d856956bffa

  • SHA512

    764764e92c3fc906bb3211d4f8522b7fa3fbcb4cd548d2c08793e7fa0f5f30a52e7b932cc28b059ad6502c2a35f4e960b363aeed77a52e003b63d344df07ebcc

  • SSDEEP

    3072:RK2CR4dsW+GokdgjU81HQh9WFkJ19xLOnY31gd+rvqP2mtlnqdip:R5/9Wp

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    亗・「♆CrePTo0N♆」・亗

  • C2

    summary-city.gl.at.ply.gg:15772

  • Mutex

    89016dc03295ebbd9c9c64f4474bb75a

  • Attributes

    • reg_key

      89016dc03295ebbd9c9c64f4474bb75a

    • splitter

      |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
