General

  • Target

    22585ebd82d76f47eadc4dbdd6226f17_JaffaCakes118

  • Size

    365KB

  • Sample

    241008-s9de4atdqn

  • MD5

    22585ebd82d76f47eadc4dbdd6226f17

  • SHA1

    c26365a632b42586cb4eceaf3ee3a64bc966c46d

  • SHA256

    2dc35fb8268ade4d1189d41c4908b64a2090a5429ef7f29e78322c3f177c17d7

  • SHA512

    7f755512e458ca80375e86903d96b74b6aec41af9224a36144bebd597a3267c5ec06cc393eb19411f5ff87efcaa3f1252256609a4b00fce9309929ab692e6dfd

  • SSDEEP

    3072:z+F4P61vRUo6hyQGGRu9e3ofUm2GZsFYP6Jr/uiXuyJDkwLwoNYOv5z6zFvZK1YK:zD61vVgjr3z51ucJDkwH3sRMg2RUYxP

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Vitima

C2

downhacking.ddns.net:1177

Mutex

0d39e4190d68272f174cf71722404520

Attributes
  • reg_key

    0d39e4190d68272f174cf71722404520

  • splitter

    |'|'|
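The extracted config above is enough to derive network indicators and to de-frame njRAT-style C2 traffic. The following is an added example, not code from the Triage report or from the malware: it takes the C2 string and the `|'|'|` splitter from the config as given. The `<decimal length>\x00<payload>` message framing and the `ll` registration opcode are assumptions taken from public write-ups of the njRAT family, not from this report, and the beacon bytes built below are constructed for illustration rather than captured from this sample.

```python
"""
Added example (not part of the Triage report): turn the extracted njRAT config
into network IOCs and de-frame njRAT-style C2 messages with the configured
splitter. Framing and the 'll' opcode are assumptions from public njRAT
analyses; the sample beacon is constructed, not captured.
"""
import base64

SPLITTER = "|'|'|"                     # "splitter" attribute from the config
C2 = "downhacking.ddns.net:1177"       # C2 from the config
BOTNET = "Vitima"                      # botnet tag from the config


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (host, port); reject malformed strings."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host:
        raise ValueError(f"malformed C2 string: {c2!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


def frame(payload: bytes) -> bytes:
    """Wrap a payload as njRAT is reported to (assumption): ASCII length, NUL, bytes."""
    return str(len(payload)).encode() + b"\x00" + payload


def deframe(stream: bytes) -> tuple[list[bytes], bytes]:
    """Return (complete messages, leftover bytes) from a TCP byte stream.

    A non-numeric or absurdly long length prefix stops parsing and hands the
    remainder back untouched, so a caller can drop the connection instead of
    trusting attacker-controlled lengths.
    """
    messages: list[bytes] = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                                   # prefix not complete yet
        prefix = stream[pos:nul]
        if not prefix.isdigit() or len(prefix) > 10:
            break                                   # not njRAT-style framing
        length = int(prefix)
        start, end = nul + 1, nul + 1 + length
        if end > len(stream):
            break                                   # payload truncated
        messages.append(stream[start:end])
        pos = end
    return messages, stream[pos:]


def split_fields(payload: bytes) -> list[str]:
    """Split one message body on the configured splitter string."""
    return payload.decode("utf-8", errors="replace").split(SPLITTER)


def build_sample_registration() -> bytes:
    """Constructed beacon: an 'll' registration whose second field carries the
    base64-encoded botnet tag; field layout is illustrative, not verified."""
    tag = base64.b64encode(BOTNET.encode()).decode()
    fields = ["ll", tag, "WIN-ANALYST", "user"]
    return frame(SPLITTER.join(fields).encode())


def network_iocs() -> dict[str, object]:
    """IOCs a network sensor can act on, derived from the config."""
    host, port = parse_c2(C2)
    return {"c2_host": host, "c2_port": port, "splitter": SPLITTER}


if __name__ == "__main__":
    print(network_iocs())
    msgs, rest = deframe(build_sample_registration() + frame(b"P"))
    for m in msgs:
        print(split_fields(m))
```

Because the length prefix is attacker-controlled, `deframe` never allocates on the basis of the prefix alone; it checks that the whole payload is present first, which is the check a practitioner needs before feeding such traffic to a decoder.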

Targets

    • Target

      22585ebd82d76f47eadc4dbdd6226f17_JaffaCakes118

    • Size

      365KB

    • MD5

      22585ebd82d76f47eadc4dbdd6226f17

    • SHA1

      c26365a632b42586cb4eceaf3ee3a64bc966c46d

    • SHA256

      2dc35fb8268ade4d1189d41c4908b64a2090a5429ef7f29e78322c3f177c17d7

    • SHA512

      7f755512e458ca80375e86903d96b74b6aec41af9224a36144bebd597a3267c5ec06cc393eb19411f5ff87efcaa3f1252256609a4b00fce9309929ab692e6dfd

    • SSDEEP

      3072:z+F4P61vRUo6hyQGGRu9e3ofUm2GZsFYP6Jr/uiXuyJDkwLwoNYOv5z6zFvZK1YK:zD61vVgjr3z51ucJDkwH3sRMg2RUYxP

    • njRAT/Bladabindi

      A widely used remote access trojan (RAT) written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
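The behaviours flagged above, together with the extracted mutex and reg_key, translate directly into host-side detection rules. The following is an added example, not code from the Triage report: it scans constructed sandbox/EDR-style events for the firewall change, the geo registry lookup, Run-key persistence, the config's mutex name and resolution of the C2 host. The `netsh firewall add allowedprogram` command line and the `Control Panel\International\Geo` registry path are assumptions about how these behaviours typically surface, not facts taken from the report, and the events are constructed rather than captured from this sample.

```python
"""
Added example (not part of the Triage report): rules mapping the flagged
behaviours and the extracted mutex/reg_key onto host telemetry. The netsh
command line and the Geo registry path are assumptions; SAMPLE_EVENTS are
constructed records, not captured from the sample.
"""
import re
from collections import Counter

REG_KEY = "0d39e4190d68272f174cf71722404520"   # reg_key and mutex from the config
C2_HOST = "downhacking.ddns.net"

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)
NETSH_FW_RE = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall\s+)?firewall\s+add\s+", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\b", re.I)


def match_event(ev: dict) -> list[str]:
    """Return the rule names an event matches (empty list when clean)."""
    hits: list[str] = []
    kind = ev.get("type")
    if kind == "registry":
        target = ev.get("target", "")
        m = RUN_KEY_RE.search(target)
        if m and ev.get("op") == "set":
            hits.append("run_key_persistence")
            if m.group(1).lower() == REG_KEY:      # value name equals config reg_key
                hits.append("run_key_matches_config")
        if GEO_KEY_RE.search(target) and ev.get("op") == "query":
            hits.append("geo_registry_lookup")
    elif kind == "process":
        if NETSH_FW_RE.search(ev.get("cmdline", "")):
            hits.append("firewall_rule_added")
    elif kind == "mutex":
        if ev.get("name", "").lower() == REG_KEY:
            hits.append("mutex_matches_config")
    elif kind == "dns":
        if ev.get("query", "").lower().rstrip(".") == C2_HOST:
            hits.append("c2_domain_resolved")
    return hits


def scan(events: list[dict]) -> Counter:
    """Count rule hits across a batch of events."""
    return Counter(h for ev in events for h in match_event(ev))


SAMPLE_EVENTS = [  # constructed for this example
    {"type": "process", "pid": 1234, "cmdline":
     'netsh firewall add allowedprogram "C:\\Users\\user\\AppData\\Roaming\\server.exe" "server.exe" ENABLE'},
    {"type": "registry", "op": "query",
     "target": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "registry", "op": "set",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" + REG_KEY},
    {"type": "mutex", "name": REG_KEY},
    {"type": "dns", "query": C2_HOST + "."},
    {"type": "registry", "op": "set",   # benign Run value, persistence but no config match
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
]

if __name__ == "__main__":
    for rule, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{rule}: {n}")
```

The generic `run_key_persistence` rule fires on any Run value and is noisy on its own; the `*_matches_config` rules tie the hit to this family's configuration and are the ones worth alerting on with high confidence.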

MITRE ATT&CK Enterprise v15

Tasks