Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6e815a0305b3151a23e1619e617d95f34be383b0837971b7f9e410999be6c427.exe
-
Size
23KB
-
Sample
241218-h88vhazrfn
-
MD5
89e3b86bf3dc88f3bf9ec1fbe15a565b
-
SHA1
1c76abe6f0a1fe99cb5f07ef8a6eab01d78182cf
-
SHA256
6e815a0305b3151a23e1619e617d95f34be383b0837971b7f9e410999be6c427
-
SHA512
fb8dc60c5999b3ae005498406e5c0c459f02d3f5efe28d18da8e2a93fd7ee3d9abd6d9815a775fd115ea8b767d03420aa467eeff7f590cba30f0a3db9801326b
-
SSDEEP
384:ZMKyOkBkRbohza8yuTUt7u06zgV4a5pzomRvR6JZlbw8hqIusZzZr3rv:y/YI1T0RpcnuArv
Malware Config
Extracted
njrat
0.7d
kaka
chakala.no-ip.biz:5552
4c7549b66a934af47e80f87411139e0a
-
reg_key
4c7549b66a934af47e80f87411139e0a
-
splitter
|'|'|
Targets
-
-
Target
6e815a0305b3151a23e1619e617d95f34be383b0837971b7f9e410999be6c427.exe
-
Size
23KB
-
MD5
89e3b86bf3dc88f3bf9ec1fbe15a565b
-
SHA1
1c76abe6f0a1fe99cb5f07ef8a6eab01d78182cf
-
SHA256
6e815a0305b3151a23e1619e617d95f34be383b0837971b7f9e410999be6c427
-
SHA512
fb8dc60c5999b3ae005498406e5c0c459f02d3f5efe28d18da8e2a93fd7ee3d9abd6d9815a775fd115ea8b767d03420aa467eeff7f590cba30f0a3db9801326b
-
SSDEEP
384:ZMKyOkBkRbohza8yuTUt7u06zgV4a5pzomRvR6JZlbw8hqIusZzZr3rv:y/YI1T0RpcnuArv
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1