Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cfb9c71fc5a1fc750db82440c45ca5e1f7ef557d5ad0f1cb50dd14a2c2621b19N.exe
-
Size
23KB
-
Sample
250208-emj3gavrgj
-
MD5
4ab6caa1143a0bf110bfde47d5285ac0
-
SHA1
afb9ceb67fcaee2beb9cd08d45018cabb7ece4bf
-
SHA256
cfb9c71fc5a1fc750db82440c45ca5e1f7ef557d5ad0f1cb50dd14a2c2621b19
-
SHA512
6e0bab4035120373702eb6faa77a8c4b11a3c654a3c6890a61aa6d4285cc0bb7933d2bb38772bbf4f3c590c017205d6e005a846f77cc9fab9b53dda4aeb3c4e9
-
SSDEEP
384:07luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZu4:0EOmhtIiRpcnug
Malware Config
Extracted
njrat
0.7d
Prime
updatservice3457.ddns.net:5552
604be2a3a005846db577612359e0d347
-
reg_key
604be2a3a005846db577612359e0d347
-
splitter
|'|'|
Targets
-
-
Target
cfb9c71fc5a1fc750db82440c45ca5e1f7ef557d5ad0f1cb50dd14a2c2621b19N.exe
-
Size
23KB
-
MD5
4ab6caa1143a0bf110bfde47d5285ac0
-
SHA1
afb9ceb67fcaee2beb9cd08d45018cabb7ece4bf
-
SHA256
cfb9c71fc5a1fc750db82440c45ca5e1f7ef557d5ad0f1cb50dd14a2c2621b19
-
SHA512
6e0bab4035120373702eb6faa77a8c4b11a3c654a3c6890a61aa6d4285cc0bb7933d2bb38772bbf4f3c590c017205d6e005a846f77cc9fab9b53dda4aeb3c4e9
-
SSDEEP
384:07luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZu4:0EOmhtIiRpcnug
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1