General

  • Target

    e4a773a3fd811af52ce9a7ad8fd62b6ad4d982feca495c3f36628eaa5d1dc855N

  • Size

    146KB

  • Sample

    240927-n3j7va1emr

  • MD5

    c74de5c9d74cc46305a5b548b70e94d0

  • SHA1

    ffe5388c48ec856a62c9269e7bb51cfd5c352317

  • SHA256

    e4a773a3fd811af52ce9a7ad8fd62b6ad4d982feca495c3f36628eaa5d1dc855

  • SHA512

    94ca7cee4ebbf3a4334925c775f843c38ec4f3d5eb1c1d5d75aa941639d93c5851ac080edd5227650824d82c98cb8a054efc09f135d4b3b1b0fc98765c00cba0

  • SSDEEP

    3072:+kBJ7P8M5LKUCrLUM3QO8baRY7HIxiLsVi2NCanGFlY/Ru7AlfuBUTfZEPC5KNgi:zP8MVGLUD

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

279f6960ed84a752570aca7fb2dc1552

Attributes
  • reg_key

    279f6960ed84a752570aca7fb2dc1552

  • splitter

    |'|'|

Targets

    • Target

      e4a773a3fd811af52ce9a7ad8fd62b6ad4d982feca495c3f36628eaa5d1dc855N

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application
