General

  • Target

    JaffaCakes118_458b3198a1d496e4e797b54a6a4d9430

  • Size

    363KB

  • Sample

    250101-d1zveavrhq

  • MD5

    458b3198a1d496e4e797b54a6a4d9430

  • SHA1

    a2d31ef96b92347a5f279d0aceb123f0cae3c1bc

  • SHA256

    3b6cbf53c43d94345e527abf8d350865275b4218d97c9c020be8ee332e6b8d39

  • SHA512

    4fed07572a24c89e31dc9e879d20573aa64566fc9305b9a1a37c25b070dbde8d1c8882ab7057ad0febb50b14b7da939d31c3e40e71dfb09864fa996555f37637

  • SSDEEP

    6144:nlheliWR+TKe7HfyA2kRUMIeY3ti+W+8f33Qq2:nfeA7H3VUMIeY3tHWVfR

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    HacKed

  • C2

    hackermh123.no-ip.biz:1177

  • Mutex

    5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      JaffaCakes118_458b3198a1d496e4e797b54a6a4d9430

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application
