Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1243.exe

windows7-x64

10

1243.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1243.exe

  • Size

    292KB

  • Sample

    241222-td2cqaspex

  • MD5

    0537a39ec65bcbd5a1b1501ec57cf2b4

  • SHA1

    7e8dfbfafcc6795ecb1dffb2ae3267f325a77375

  • SHA256

    b8e4e2776a0d1ddef193326e960d1a0e11d6489610595faa13f57c33103b95a7

  • SHA512

    43dbaaf81e602bfb8b02763b4936157440ed9d301f789903199b21bbcd0da7cf94398e17cc579b887780452284c70a3e1bf8567d65dae5626c655c0c460f0b63

  • SSDEEP

    6144:hrYOdblgpFGv4oO6dcwnOZ4YXo0x9PEfxwQCRW:h5OFGwvKc+leh+RD

Score
10/10
njratvictimdiscoverypersistencetrojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

fat-pads.gl.at.ply.gg:35059

Mutex

e564aa028dc627deeaa119b78ed54d5e

Attributes
  • reg_key

    e564aa028dc627deeaa119b78ed54d5e

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      1243.exe

    • Size

      292KB

    • MD5

      0537a39ec65bcbd5a1b1501ec57cf2b4

    • SHA1

      7e8dfbfafcc6795ecb1dffb2ae3267f325a77375

    • SHA256

      b8e4e2776a0d1ddef193326e960d1a0e11d6489610595faa13f57c33103b95a7

    • SHA512

      43dbaaf81e602bfb8b02763b4936157440ed9d301f789903199b21bbcd0da7cf94398e17cc579b887780452284c70a3e1bf8567d65dae5626c655c0c460f0b63

    • SSDEEP

      6144:hrYOdblgpFGv4oO6dcwnOZ4YXo0x9PEfxwQCRW:h5OFGwvKc+leh+RD

    Score
    10/10
    njratvictimdiscoverypersistencetrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks