General

  • Target

    3c88c3cd23006b0ec235391f5afa2b53_JaffaCakes118

  • Size

    32KB

  • Sample

    240729-jnk4daygkl

  • MD5

    3c88c3cd23006b0ec235391f5afa2b53

  • SHA1

    2442d714190927ac0d42f17c2cff16e1ccbf6f57

  • SHA256

    779fd2ff5cde74cb96c7153b017f8aec62ead969252b1adf56710176f27474b6

  • SHA512

    723191650231088be36b163d0e87b87c7184c09e8de1f84611edc35a3ab0a16da6dc257c0ca103f62a0c06a274d2a2fe4cfecb048343c187741a7f4e9b0356dd

  • SSDEEP

    768:Q26BHmZxPcW7CaUE00DD0F3KSB6Jyia5oQGQbgYE3:yBHm/uE00DD0F3KSBOyfoQGQbgF3

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Victime

  • C2

    83.198.16.150:1604

  • Mutex

    f210be34f73085df14d360821459de06

Attributes
  • reg_key

    f210be34f73085df14d360821459de06

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
