General

  • Target

    60692010ec5f41a874f5bcb5751b18e3

  • Size

    23KB

  • Sample

    201214-h443cl8rea

  • MD5

    60692010ec5f41a874f5bcb5751b18e3

  • SHA1

    e87357fdfe5e53c277505358a0f4a4e13d029a79

  • SHA256

    8610bfb6154abe78bd6f16ee1405cf372fef86bfbc746573b7df82448b2668f7

  • SHA512

    dfba57e59a19ccac913ab8516e77a5c1ca3378ee3f09118c446b349e52a7771a2fd9b949c636ff313ba8f596ea1758e95778b3126e508da4dcad74539cb553de

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Hacker

  • C2

    trogen123.ddns.net:1177

  • Mutex

    f3ca647d31447f55fb8ca1d235459281

Attributes
  • reg_key

    f3ca647d31447f55fb8ca1d235459281

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks