General

  • Target

    JaffaCakes118_6c2f4dfea5d113843c09d4f940ae1c90

  • Size

    55KB

  • Sample

    250103-m7vnpsznc1

  • MD5

    6c2f4dfea5d113843c09d4f940ae1c90

  • SHA1

    3ded29de56f4d4c986a3bc85bf878622e2814641

  • SHA256

    902dcd066ae1cf9d5597c41fada88041bed6756e7f587f2b0379dc45fa3f8aa8

  • SHA512

    97fd2da037a194ffbaf3746ddc66bdb17e0b3416ae4c092f7456b3bffe2352f837bab4dd68a9fff97cd6c506e7240fc1c6133c3c9354c068c77d48398331cef4

  • SSDEEP

    1536:spx1cAd08AzTC+r47E5B0x5IXQdzGOF/rx:kx1cAdJETNrkiuxWAM8x

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    جديد

  • C2

    kazimali00.no-ip.org:5552

  • Mutex

    92c0d81affa225c91e4be25ce2f1a838

Attributes
  • reg_key

    92c0d81affa225c91e4be25ce2f1a838

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
