Resubmissions

31-08-2024 16:52

240831-vdnmasvcqn 10

31-08-2024 16:50

240831-vcc46svcjq 10

General

  • Target

    vanity crack.rar

  • Size

    31KB

  • Sample

    240831-vdnmasvcqn

  • MD5

    e7e8c447e2a7de8de4c5c30ec43516b5

  • SHA1

    d13bf36e5819017c82ca0e4e6ab42fa9bbf1321b

  • SHA256

    c53d5de0df7c54c81828d7994d012b3368300bb8c8181327a9759b11756a4a30

  • SHA512

    c0bc741643aa5fa8cf7588130a401c41c6b0d51dc32809f684975d073eedc9afee22a94b2ed91c7c6cdf286a0270f6943def3e62b2cae816ad7758161ad11258

  • SSDEEP

    768:1X94hip/QgtAzaDwwxklM4Isr+uGV9I2K3anB8YYHqWYVt:1XyhYbAza8KCGVm2K3ainqt

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000

    147.185.221.22:26711

  • Mutex

    73cb6c63a3026592d5170aa3e4fa39c7

  • Attributes

    reg_key: 73cb6c63a3026592d5170aa3e4fa39c7

    splitter: |'|'|

Targets

    • Target

      vanity crack.exe

    • Size

      93KB

    • MD5

      f2895b196e1cd8abac43232b366b6f96

    • SHA1

      271c71ef80184f30f170987adea77c86c4d9ba58

    • SHA256

      8934d9269d3a680383f20326e905cd9ad6ce11bf3d08cb2ff7c7c9bb07d6c9b7

    • SHA512

      7c93e3246d5d23f7e4c0495c5eec02a1c66a669781413ed1f890ea4d470f980219b063f42b2adc3e00e01b78b7f7a8388852ed1d314f309739c5e57423ad8b22

    • SSDEEP

      1536:RejJD/HBZbszKu9AZpy7r1jEwzGi1dDlD8gS:ReCzK4AZwHCi1dhV

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
