General

  • Target

    JaffaCakes118_6531706b8e4f38ca29526f2181daa0e0

  • Size

    10KB

  • Sample

    250102-pzh12svpdl

  • MD5

    6531706b8e4f38ca29526f2181daa0e0

  • SHA1

    a7f7304673ad7a3504e760289e613f542587836c

  • SHA256

    1ce4ea54eafcf811b5a514d025ae16e48ec373ce3075c4209ee2ed8cc1992697

  • SHA512

    6fb0f3d743541ebd7fc6022dfa6102721973082203b8dd1c70306b34ed3440b55f9d66e1237dd91447600eb2985e3ceda22094b64d3034d90e6d882d6edf3daa

  • SSDEEP

    192:TPX4HUGQGpJqvlONl7LHnvIi5T3IRhf20LhKB5CojE2cQUJeN:TPXcUGIvlwpDDc7+as5S2RUJM

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:2

  • Mutex

    bffc5943312236f25f226a963615a8d2

Attributes
  • reg_key

    bffc5943312236f25f226a963615a8d2

  • splitter

    |'|'|

Targets

    • Target

      sample

    • Size

      22KB

    • MD5

      088923c76ec46ee811eba5bb390fd5e9

    • SHA1

      8ddbd16409e30e605180290fd83082e2c4763d5d

    • SHA256

      fef4346086269ea024a31a1389af9553ed4a8a70185472c39c4fc5ae48e4d1ac

    • SHA512

      61248bd42970a43f00c0df351379a59bdd4b5d058221db3f46acaeb3547a19cde5081faed2456cd77e2868ec3c8226423058cd56860bbdda4cd0346ec317aed9

    • SSDEEP

      384:1YmCsg/yJrQ7hucGSl7UJx4g6JgfCcosjddmRvR6JZlbw8hqIusZzZz4:qrG0Btl7rRpcnuv

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
