Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
35878e739cca8c22bc48eb8c44fb54565919a94aa48daa6e59cd1347518d12a3N.exe
-
Size
28KB
-
Sample
250202-h4mfpstjel
-
MD5
148d4471d91cf2206305ceca0ebdbcf0
-
SHA1
e695e5fe0ed5500f7ee7fad3f3f30acc24bfb689
-
SHA256
35878e739cca8c22bc48eb8c44fb54565919a94aa48daa6e59cd1347518d12a3
-
SHA512
1b8a795c126c0ae085163065c35c4a17469535d3b1e4bb070635502d42a6d7a06b5b770d0c4ffc0b84daf87ecf0d2bb3f8722001cfe7953bb988f23414940dc9
-
SSDEEP
768:/bNAbS3gEbKmqLWaWViqs2A6F+dMHqfO8nzR4:/5A0gABqLWnViMF3cS
Malware Config
Extracted
njrat
0.7d
A3
supportinformtion.serveirc.com:9699
30967b141a634907236835b8c35d7d43
-
reg_key
30967b141a634907236835b8c35d7d43
-
splitter
|'|'|
Targets
-
-
Target
35878e739cca8c22bc48eb8c44fb54565919a94aa48daa6e59cd1347518d12a3N.exe
-
Size
28KB
-
MD5
148d4471d91cf2206305ceca0ebdbcf0
-
SHA1
e695e5fe0ed5500f7ee7fad3f3f30acc24bfb689
-
SHA256
35878e739cca8c22bc48eb8c44fb54565919a94aa48daa6e59cd1347518d12a3
-
SHA512
1b8a795c126c0ae085163065c35c4a17469535d3b1e4bb070635502d42a6d7a06b5b770d0c4ffc0b84daf87ecf0d2bb3f8722001cfe7953bb988f23414940dc9
-
SSDEEP
768:/bNAbS3gEbKmqLWaWViqs2A6F+dMHqfO8nzR4:/5A0gABqLWnViMF3cS
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1