General

  • Target

    JaffaCakes118_69f29a8cb60aa6cf1c6caab6ab6a4a5f

  • Size

    99KB

  • Sample

    250107-sjkfqayjaq

  • MD5

    69f29a8cb60aa6cf1c6caab6ab6a4a5f

  • SHA1

    935243828007ecbec099735ace9e499a2b1aefa4

  • SHA256

    9dd781011a949fc71a72f5f34b14f7a862a1b530d9cf5ad516aad2e7dcf52c60

  • SHA512

    28f56a0a02d440a1a24340b58eafe01fa37d4499bac5bc43850368f749308dff59f41f6b66ac8491c7b7838c3ba99643c5eb47ff025d89828c64faabaa69e0ec

  • SSDEEP

    1536:CzIElEkSCxdMK3olT5+oabxtyq9F2to9rO1wR22IFqK6vlFLlrK:CzIEuEdd3oh5CEGU3XwE

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    192.168.11.141:5552

  • Mutex

    78aba1c78ff26f1db3f972471aed1aa2

Attributes
  • reg_key

    78aba1c78ff26f1db3f972471aed1aa2

  • splitter

    |'|'|

Targets

    • Target

      JaffaCakes118_69f29a8cb60aa6cf1c6caab6ab6a4a5f

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
