General

  • Target

    24f292cbdcea806c0f2a9cdeb0faf002

  • Size

    23KB

  • Sample

    201214-26sh7sdtha

  • MD5

    24f292cbdcea806c0f2a9cdeb0faf002

  • SHA1

    42f7aff666da63a24978ffe545886d5dc0a91b2d

  • SHA256

    503396cf812da8b1de3a45dab349ab10067a2101ee9f9a85bc4549f7b237c361

  • SHA512

    c0dfed251daac747980e87a3f2cad076faf83373810716b7963ffeefc05dc461475223cfa71efcdca17de9a4c844ca894d59e0ce24cf73c185e6b5e59dc76ed5

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:1177

  • Mutex

    2db48b2f28c6f491d0ed69b21aa9e554

Attributes
  • reg_key

    2db48b2f28c6f491d0ed69b21aa9e554

  • splitter

    |'|'|

Targets

    • Target

      24f292cbdcea806c0f2a9cdeb0faf002

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031), 1

  • Discovery

    System Information Discovery (T1082), 1

Tasks