3D8B03DD0D32E8B35E85D8F3FE30C4DF806607B506C46.exe

General
Target 3D8B03DD0D32E8B35E85D8F3FE30C4DF806607B506C46.exe
Size 254KB
Sample 210914-z3tl3abchq
Score 10/10
MD5 0a8eb56e089d298f7dab780b3218e504
SHA1 5963b1eb8243672225721ee5ce897eae2c748f8f
SHA256 3d8b03dd0d32e8b35e85d8f3fe30c4df806607b506c465c35ca66c2e93ae489d
SHA512 b650775cf304a323e22cdeee3da91acb10bc80a9f7d6e4e913c7f5d5cfe9c0533e89ae8af3a0338813e4439841f01dd7c6a5729d83a4034bacf89ea39cd3a066

Malware Config

Extracted

Family njrat
Version 0.7d
Botnet HacKed
C2 fr3onhoms.ddns.net:5552
Attributes
reg_key 39142952441e8c6dd1c68259493b5832
splitter |'|'|
Targets

Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Drops startup file

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

behavioral1

1/10