4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638

General

Target: 4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
Size: 284KB
Sample: 210914-jl44gafcb9
Score: 10/10
MD5: 7b7de9fdef6b59dea770e47a0cfed2b8
SHA1: f412f80e1fea88252812a24de47d005fae4f6543
SHA256: 4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
SHA512: 70cd76cdaa22533abb0917d730df0715787ef4ba10873c89552809160aa107c8025ae25a8e5233bccd06184c4114f85121d209d77b2fe717eac506fc38a21b83

Malware Config

Extracted

Family: njrat
Version: 0.7d
Botnet: ألــ,ــكــ,ــســ,ــنــ,ــدر
C2: mamoon.ddns.net:4444

Attributes
reg_key: 9aa65ce09b29cba73578685095ab8877
splitter: |'|'|

Targets

Target: 4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
MD5: 7b7de9fdef6b59dea770e47a0cfed2b8
Filesize: 284KB
Score: 10/10
SHA1: f412f80e1fea88252812a24de47d005fae4f6543
SHA256: 4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
SHA512: 70cd76cdaa22533abb0917d730df0715787ef4ba10873c89552809160aa107c8025ae25a8e5233bccd06184c4114f85121d209d77b2fe717eac506fc38a21b83

Signatures

  • njRAT/Bladabindi
    Description: Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation