General

  • Target

    391eb94842f32dbe0e91fefca980b51c83676f853ddd8c279d2868b6d9239ff7

  • Size

    552KB

  • Sample

    240727-z1f8ysseng

  • MD5

    ee6991319f1531b0938f21cb5803ea84

  • SHA1

    c38dc5a044896f27ec4dda70405d9eeac9a0fed8

  • SHA256

    391eb94842f32dbe0e91fefca980b51c83676f853ddd8c279d2868b6d9239ff7

  • SHA512

    da8ed6af0e542f3e279076eaf7b9749d26462bd9a0122b73b38716c81c45534faa258fcdd8b0c46f0046912a2bb8409f41fb071401be732bdcc22779271309df

  • SSDEEP

    12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fi:RGk69IS0rw4pP9p416QMaBnRCi

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7.3

  • Botnet

    OCT

  • C2

    film.royalprop.trade:8109

  • Mutex

    update.exe

Attributes
  • reg_key

    update.exe

  • splitter

    0987
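
The extracted config above is directly actionable: the C2 host:port, the Run-key value name (reg_key), the mutex and the protocol splitter are all things a defender can match on. The following is an added example, not tria.ge's code or anything shipped with the sample: it copies the report's config values into a small checker, runs host/network indicator matching over a few constructed Sysmon-style telemetry lines, and splits a constructed njRAT-style registration message on the splitter. The telemetry lines and the beacon are made up for the example; the `<decimal length>\x00<body>` framing is assumed from public njRAT 0.7d analyses and is not stated in the report.

```python
import re
from typing import Dict, List, Tuple

# Indicator values copied from the report's "Extracted" config section.
NJRAT_CONFIG = {
    "c2_host": "film.royalprop.trade",
    "c2_port": 8109,
    "mutex": "update.exe",
    "reg_key": "update.exe",
    "splitter": "0987",
}

# Constructed sample telemetry, NOT from the report. One event per line:
# "<event_type> key=value key=value ...", values may be double-quoted.
SAMPLE_EVENTS = [
    r"network image=C:\Users\x\AppData\Roaming\update.exe dst=film.royalprop.trade dport=8109",
    r"network image=C:\Windows\System32\svchost.exe dst=update.microsoft.com dport=443",
    r'registry path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update.exe value="C:\Users\x\AppData\Roaming\update.exe"',
    r'registry path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive value="C:\Users\x\AppData\Local\Microsoft\OneDrive\OneDrive.exe"',
    r"mutex name=update.exe",
    r"mutex name=Global\SomeLegitMutex",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split a flat 'type k=v k=v' line into a dict; strips value quotes."""
    event_type, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["type"] = event_type
    return fields


def match_event(ev: Dict[str, str], cfg: Dict = NJRAT_CONFIG) -> List[str]:
    """Return the names of every njRAT indicator this event satisfies."""
    hits: List[str] = []
    if (ev["type"] == "network"
            and ev.get("dst", "").lower() == cfg["c2_host"]
            and ev.get("dport") == str(cfg["c2_port"])):
        hits.append("c2_connection")
    if ev["type"] == "registry":
        # njRAT writes its reg_key as the value name under a Run key
        # (assumed from njRAT's well-known persistence; the report only
        # gives the value name, not the hive or key path).
        path = ev.get("path", "").lower()
        if path.endswith("\\run\\" + cfg["reg_key"].lower()):
            hits.append("run_key_persistence")
    if ev["type"] == "mutex" and ev.get("name") == cfg["mutex"]:
        hits.append("mutex")
    return hits


def scan(lines: List[str], cfg: Dict = NJRAT_CONFIG) -> List[Tuple[str, str]]:
    """Run every indicator over every line; returns (indicator, line) pairs."""
    return [(hit, line) for line in lines for hit in match_event(parse_event(line), cfg)]


def parse_beacon(raw: bytes, splitter: str = NJRAT_CONFIG["splitter"]) -> List[str]:
    """Split an njRAT-style message into fields.

    Assumed framing (from public njRAT 0.7d analyses, not from the report):
    "<decimal body length>\\x00<body>", body fields separated by the
    configured splitter. The length prefix is checked before splitting so a
    truncated or non-njRAT frame is rejected rather than mis-parsed.
    """
    length, sep, body = raw.partition(b"\x00")
    if not sep or not length.isdigit() or int(length) != len(body):
        raise ValueError("not a well-formed njRAT frame")
    return body.decode("utf-8", "replace").split(splitter)


# Constructed registration message (not captured traffic): the "ll" command
# followed by a few fields, joined with the report's splitter "0987".
SAMPLE_BEACON_FIELDS = ["ll", "HWID_ABC", "DESKTOP-1", "user", "0.7.3"]
SAMPLE_BEACON_BODY = NJRAT_CONFIG["splitter"].join(SAMPLE_BEACON_FIELDS)
SAMPLE_BEACON = f"{len(SAMPLE_BEACON_BODY)}\x00{SAMPLE_BEACON_BODY}".encode()

if __name__ == "__main__":
    for indicator, line in scan(SAMPLE_EVENTS):
        print(f"[{indicator}] {line}")
    print(parse_beacon(SAMPLE_BEACON))
```

Note the operational caveat a digit-only splitter like `0987` introduces: any field whose content happens to contain that digit string (a hardware ID, a serial number) will be split in two, so a parser driven by this config should validate field counts per command rather than trust the split blindly.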

Targets

    • Target

      391eb94842f32dbe0e91fefca980b51c83676f853ddd8c279d2868b6d9239ff7

    • Size

      552KB

    • MD5

      ee6991319f1531b0938f21cb5803ea84

    • SHA1

      c38dc5a044896f27ec4dda70405d9eeac9a0fed8

    • SHA256

      391eb94842f32dbe0e91fefca980b51c83676f853ddd8c279d2868b6d9239ff7

    • SHA512

      da8ed6af0e542f3e279076eaf7b9749d26462bd9a0122b73b38716c81c45534faa258fcdd8b0c46f0046912a2bb8409f41fb071401be732bdcc22779271309df

    • SSDEEP

      12288:R32kYn9YFZBsws0rwfQpP9p/yFUk6l6X3cWCauQWannR8fi:RGk69IS0rw4pP9p416QMaBnRCi

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks