General

  • Target

    486c32527778d03a182ea138b120e65894c2a56694475d46cdaf8096c8315ef2

  • Size

    261KB

  • Sample

    210225-vlk5bwb5mj

  • MD5

    6dd8ab590a05ec69b30e6989607a2542

  • SHA1

    50a943051595ff93cd9d2136af3f952b21b7349c

  • SHA256

    486c32527778d03a182ea138b120e65894c2a56694475d46cdaf8096c8315ef2

  • SHA512

    8f8d06211c313e389aba49cae43157e4ccf81461817f5f94094818468f5df0beffc49f1eb89959d2cf59227b4ca9cb2c26c6285f0869abbb9fe840635003e03d

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

stub.ignorelist.com:5552

Mutex

2405c3a3dea6c1af008bb937f8f90e70

Attributes
  • reg_key

    2405c3a3dea6c1af008bb937f8f90e70

  • splitter

    |'|'|

Targets

    • Target

      486c32527778d03a182ea138b120e65894c2a56694475d46cdaf8096c8315ef2

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031
