Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
New Project 1.exe
-
Size
5.3MB
-
Sample
250122-xz3dpasjgl
-
MD5
b6f0198be0dd6b37cae764d9a969366e
-
SHA1
aa8d5622aea5a0024f54d70f873fb3e8d32bfa13
-
SHA256
49799902857cfb628defc1c4af547d271b368814642204fbfee93e642c4b50bc
-
SHA512
92da3f546e5435cda93fd910c9e294849b67ebfa941d7522efc50f38aa04c9510378f66387eee404c11ff60d1b5cab51bd16cb5186476965ca5fd891035cc513
-
SSDEEP
98304:aj2Q5odAGY95wpWB8GHfHSw5h8mO05cVlOqV1Kmw9m:Q1ipWqG/N5TRqfKmw9
Malware Config
Targets
-
-
Target
New Project 1.exe
-
Size
5.3MB
-
MD5
b6f0198be0dd6b37cae764d9a969366e
-
SHA1
aa8d5622aea5a0024f54d70f873fb3e8d32bfa13
-
SHA256
49799902857cfb628defc1c4af547d271b368814642204fbfee93e642c4b50bc
-
SHA512
92da3f546e5435cda93fd910c9e294849b67ebfa941d7522efc50f38aa04c9510378f66387eee404c11ff60d1b5cab51bd16cb5186476965ca5fd891035cc513
-
SSDEEP
98304:aj2Q5odAGY95wpWB8GHfHSw5h8mO05cVlOqV1Kmw9m:Q1ipWqG/N5TRqfKmw9
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1