Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Robux Generator.rar
-
Size
4.1MB
-
Sample
250208-zdzf1sslhy
-
MD5
2c7826eda56ff4b9c9134a6c746999d8
-
SHA1
21d64303ad8345252be050835e620ee2e74dba7a
-
SHA256
865e5ebcd7eb823bb5f06c4e27d2a551a08a768dbc8b88e6897a496ccc196c9c
-
SHA512
00cb9177937d881812d5985d7b68e2631abf1ecc397696bf170b26d5dde0fb8fc0523ded16378919161079d775f93239df611fd5261cf4b4d3b56ccfa61fc7ee
-
SSDEEP
98304:4/t1c1yPqY+nb2cvg/1X6AIqYmUeZrm/eMl5my0M0VC3OS5+4:4/f5q/Sc4/1qTPmm/eMl5iPCb84
Malware Config
Extracted
njrat
0.7d
Robux Generator
chromasvaldo.ddns.net:1177
e6c3f793d259bb6e09e51129bcf1a94f
-
reg_key
e6c3f793d259bb6e09e51129bcf1a94f
-
splitter
|'|'|
Targets
-
-
Target
Robux Generator.exe
-
Size
486KB
-
MD5
6f14554ba359725f14b29b988ecad563
-
SHA1
1be38cdaf764d9eca1ffb8864afd673e4e85f493
-
SHA256
ded4912af5e5940c909772abd849e9297fcef31d25b7fa77e28946d5c506e1d7
-
SHA512
85fcf4da8308bff28d77ada7f3255094cfa77a88bca2241e7a6859774fe06d946f21b3a6b2eeea93c27dd84bbb9b1674c4f5789aa54f84ce9d58fced0c22299d
-
SSDEEP
6144:Ec0h522p3l04ZMSmIp3Uy28uhyj6w3LTSbKC8RBoCj62iMPWpXQjOHbvryzUDCN4:yhxp3lZnT9bDqw3hCPCj6e2gov2zz0x
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1