General

  • Target

    87862862590c9d404639ac3efa951146

  • Size

    31KB

  • Sample

    201214-f725xdbtya

  • MD5

    87862862590c9d404639ac3efa951146

  • SHA1

    52b442a0c2d4048f6910e71ed82062507b4a337c

  • SHA256

    647345904aaff6b33fbf5d2a33325f3ec43ad3fc83359f38d6510ca1cb421277

  • SHA512

    019ee31ead04e222c32a6a2f1d8e82657550891656b186aa5f8e0d657ad83c0be4678d962384675a0a0509d6b2b5923d3e1bddf1f2364216d01eb9a22225b777

Malware Config

Extracted

  • Family

    njrat

  • Botnet

    JokeV1

  • Mutex

    29a9d77dac482d0db10193f119bf99a5

  • Attributes

    reg_key: 29a9d77dac482d0db10193f119bf99a5

Targets

    • Target

      87862862590c9d404639ac3efa951146

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks