General

  • Target

    5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643.exe

  • Size

    238KB

  • Sample

    250108-fwckesvrdz

  • MD5

    88e26964c9367eb3b37131f5e7398db6

  • SHA1

    74ff0f10f152d9d08a1b10e435bfbb158fa78efa

  • SHA256

    5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643

  • SHA512

    bf24ab078da2ab741bbf3c4e0115881f1cd8da506c96bbbf7efa571b9c884d677c7d91f7bea2532f8db815c970e174c56aa96ff99d275243f94966cba4d325ed

  • SSDEEP

    6144:otRRBVuQ8hMNYl2tgtCASsZhYUIKtAzM1+Ua:ot3BVt8hBl2tgtCLsZhYFy+M1G

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    najrat13.no-ip.info:1177

  • Mutex

    fe846520f3eb4e72966214ff26ac3a9d

Attributes

  • reg_key

    fe846520f3eb4e72966214ff26ac3a9d

  • splitter

    |'|'|

Targets

    • Target

      5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
