Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_65616408e2f1db8638cb9961e1b57ac0
-
Size
104KB
-
Sample
250102-qks35swlhr
-
MD5
65616408e2f1db8638cb9961e1b57ac0
-
SHA1
743620f9677ef3571b77059f14861860623d3f88
-
SHA256
e30ee02331f1bd99703610759ebfa0bb5d25b70a7690a2f1753c24f7997e8250
-
SHA512
3884c57f07beee657c8dc5f57aa8606b7a38a54fe28652f48781dbb25afb5d3d47e5000f12f942cd1e0da1e9498fd036601bb2f9b4554f1e88fa3fe3ece38bfc
-
SSDEEP
3072:+Ma3e8/K0wiDGtCbdlflYxY8LblmIm8ed7pW:Ta3eBxVCfRKxmsed7p
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
JaffaCakes118_65616408e2f1db8638cb9961e1b57ac0
-
Size
104KB
-
MD5
65616408e2f1db8638cb9961e1b57ac0
-
SHA1
743620f9677ef3571b77059f14861860623d3f88
-
SHA256
e30ee02331f1bd99703610759ebfa0bb5d25b70a7690a2f1753c24f7997e8250
-
SHA512
3884c57f07beee657c8dc5f57aa8606b7a38a54fe28652f48781dbb25afb5d3d47e5000f12f942cd1e0da1e9498fd036601bb2f9b4554f1e88fa3fe3ece38bfc
-
SSDEEP
3072:+Ma3e8/K0wiDGtCbdlflYxY8LblmIm8ed7pW:Ta3eBxVCfRKxmsed7p
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1