General

  • Target

    235d3d833701fc0f8407b59fd299a443_JaffaCakes118

  • Size

    29KB

  • Sample

    240728-zqnkaaybrd

  • MD5

    235d3d833701fc0f8407b59fd299a443

  • SHA1

    24b0e68efe814004bc2ac3283af857fe9e8a9bf9

  • SHA256

    6427f0361a3101a575c54575674ca52a241b8b295954609ce2dd5d5200c0b3a8

  • SHA512

    f650e2291b268549aa13f5422e2d373953a55f062bfd6ff2d8592869148b552da73dff46bc878b8b1a4fddeac6e00638d9b610c25bd7c4dbd3dded202e922db2

  • SSDEEP

    384:o2nLNl73t5otQMOdePp5TdNZmGmqD8ZneQqGBsbh0w4wlAokw9OhgOL1vYRGOZzY:37jo2MzBvb4qcneQBKh0p29SgReH

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed by imad

C2

viona.hopto.org:1177

Mutex

e79d569ba77562f0d4316e586835f0a2

Attributes
  • reg_key

    e79d569ba77562f0d4316e586835f0a2

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
