General

  • Target

    864-108-0x0000000000530000-0x000000000053C000-memory.dmp

  • Size

    48KB

  • Sample

    240301-f1nhgsde7t

  • MD5

    8db7e32a950a79e964b972688a8e4a66

  • SHA1

    5edef841ef6a1e53a732703ebc3a6b7d2bc0a2e4

  • SHA256

    e348c42addb8f2f668f40d26f1e031cc36eb251d92197356d74e769be6229a64

  • SHA512

    1b9f1886a415273a800ea1f650ddacd0d5a49e3dabe7b8cec832511a7fda01cdb9cdc964c4fd2a8feff1419683dc933971403e54c21925362abf95806f55af48

  • SSDEEP

    384:N29qHflF+pkptmSZghV6AYBtc+GoKiL4KZqP+xcV+ocGJN8/S3Mqkvz8ZX:Eq/nQSkR9NEqioSKBmo

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    qcpanel.hackcrack.io:9561

  • Mutex

    Windows Explorer

Attributes
  • reg_key

    Windows Explorer

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
