Resubmissions

17/01/2024, 02:42

240117-c7jakafcbk 10

General

  • Target

    voicemeeter.exe

  • Size

    37KB

  • Sample

    240117-c7jakafcbk

  • MD5

    db9d6874f1783347f3b54a4b0895e8e8

  • SHA1

    abf7b342f75e8fd6dd201864ff378356b9fad200

  • SHA256

    419b8955b84c26d0eb443a9290892fcd22d777fa5144cfff5f1328d4023845ef

  • SHA512

    22340fb21fc67b5939a6236805be8d859344869b3dec3940cf837577fa64a2d4ea79df81b7588bf3579da23908880981c642223064ca80d0e5325e0875ef074d

  • SSDEEP

    384:XoNqiUx54NLHdayszfhen9XsWiXArAF+rMRTyN/0L+EcoinblneHQM3epzXtNrn0:4rZdJszfhex9iwrM+rMRa8Nurqt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

bit-number.gl.at.ply.gg:53003

Mutex

e0d9528ae802acc08bc47fdf4f0fa2b2

Attributes
  • reg_key

    e0d9528ae802acc08bc47fdf4f0fa2b2

  • splitter

    |'|'|

Targets

    • Target

      voicemeeter.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
