Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5e822693b6...43.exe

windows7-x64

10

5e822693b6...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643.exe

  • Size

    238KB

  • Sample

    250108-fwckesvrdz

  • MD5

    88e26964c9367eb3b37131f5e7398db6

  • SHA1

    74ff0f10f152d9d08a1b10e435bfbb158fa78efa

  • SHA256

    5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643

  • SHA512

    bf24ab078da2ab741bbf3c4e0115881f1cd8da506c96bbbf7efa571b9c884d677c7d91f7bea2532f8db815c970e174c56aa96ff99d275243f94966cba4d325ed

  • SSDEEP

    6144:otRRBVuQ8hMNYl2tgtCASsZhYUIKtAzM1+Ua:ot3BVt8hBl2tgtCLsZhYFy+M1G

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

najrat13.no-ip.info:1177

Mutex

fe846520f3eb4e72966214ff26ac3a9d

Attributes
  • reg_key

    fe846520f3eb4e72966214ff26ac3a9d

  • splitter

    |'|'|

Targets

    • Target

      5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643.exe

    • Size

      238KB

    • MD5

      88e26964c9367eb3b37131f5e7398db6

    • SHA1

      74ff0f10f152d9d08a1b10e435bfbb158fa78efa

    • SHA256

      5e822693b6865c275db4a8cdcd29c8bbb916dc8af1eb7b55db375c006a99a643

    • SHA512

      bf24ab078da2ab741bbf3c4e0115881f1cd8da506c96bbbf7efa571b9c884d677c7d91f7bea2532f8db815c970e174c56aa96ff99d275243f94966cba4d325ed

    • SSDEEP

      6144:otRRBVuQ8hMNYl2tgtCASsZhYUIKtAzM1+Ua:ot3BVt8hBl2tgtCLsZhYFy+M1G

    Score
    10/10
    njrathackeddiscoveryevasionpersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks