General

  • Target

    df4bc0d07bc6c384a0bf015959ea86cc7fd26853cd74f106e1e1711eb8d33bac

  • Size

    844KB

  • Sample

    210225-zlx6klvzxe

  • MD5

    835f6ee387f6aaba66d60ea767251cc0

  • SHA1

    23376c7cba83e23ba7a2dfed111350de63e074c5

  • SHA256

    df4bc0d07bc6c384a0bf015959ea86cc7fd26853cd74f106e1e1711eb8d33bac

  • SHA512

    da876a68bf89e664fd07605fbb990ea86d05b40288fde0a3bc624ed45af7b488a919e5cc09470fda7a177b76317a2207b95747a27be03079e4130658aec27768

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

复制复美制复美

C2

stub.ignorelist.com:5553

Mutex

7eff2c663900177724a87e555419c2bb

Attributes
  • reg_key

    7eff2c663900177724a87e555419c2bb

  • splitter

    |'|'|

Targets

    • Target

      df4bc0d07bc6c384a0bf015959ea86cc7fd26853cd74f106e1e1711eb8d33bac

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Modify Existing Service (T1031): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

Tasks