General

  • Target

    6838591f462c336b1acdcbb27304cc4c

  • Size

    23KB

  • Sample

    201214-bdpxpzj8g2

  • MD5

    6838591f462c336b1acdcbb27304cc4c

  • SHA1

    b4a48310ffbebb84d19f219dfcfdb18fcd254ccf

  • SHA256

    92a125397e9023a9dda19c1d11a770c29f07b06b3b3d19e60a14d5584ce18ad4

  • SHA512

    67708341db96e367717600ab549f145048e1a2ff3c113f41a814a55f7a3fba7ec3bcad340e76d7f1c3f1a673097c91aa6c4a7c19120cd223306d13f49421d1d6

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    279f6960ed84a752570aca7fb2dc1552

Attributes
  • reg_key

    279f6960ed84a752570aca7fb2dc1552

  • splitter

    |'|'|

Targets

    • Target

      6838591f462c336b1acdcbb27304cc4c

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service    1    T1031

  • Registry Run Keys / Startup Folder    1    T1060

Defense Evasion

  • Modify Registry    1    T1112

Discovery

  • System Information Discovery    1    T1082

Tasks