General

  • Target

    71117aba5e5658ea93f79d2f9c90f690

  • Size

    23KB

  • Sample

    201214-b84lnvw46j

  • MD5

    71117aba5e5658ea93f79d2f9c90f690

  • SHA1

    aeb2fbce91d7876911aede63d14bb94b1d1472bd

  • SHA256

    da631dc7bec32affa30ecd7b628470b51fd2a8def1a9674e68bbd4aa0e248789

  • SHA512

    f5acda3d5e36b1aff4183ba5e162e0e986d46c848ac945b865104426fb62a2103bfdfa6a9f0f7258e31ace03b0ddf1cab6003bcd4a1d19e5c90353044b006d36

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

bae

C2

asasasbb.hopto.org:81

Mutex

90ea31345bb2b19708b6ad94c9a81128

Attributes
  • reg_key

    90ea31345bb2b19708b6ad94c9a81128

  • splitter

    |'|'|

Targets

    • Target

      71117aba5e5658ea93f79d2f9c90f690

    • Size

      23KB

    • MD5

      71117aba5e5658ea93f79d2f9c90f690

    • SHA1

      aeb2fbce91d7876911aede63d14bb94b1d1472bd

    • SHA256

      da631dc7bec32affa30ecd7b628470b51fd2a8def1a9674e68bbd4aa0e248789

    • SHA512

      f5acda3d5e36b1aff4183ba5e162e0e986d46c848ac945b865104426fb62a2103bfdfa6a9f0f7258e31ace03b0ddf1cab6003bcd4a1d19e5c90353044b006d36

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks