04E1A14639F9FD0903F21EDD99B1CADC9267B0AC2F402.exe

General
Target

04E1A14639F9FD0903F21EDD99B1CADC9267B0AC2F402.exe

Size

91KB

Sample

210916-axxzvsegdj

Score
10/10
MD5

8e0342b0a50e046c2b22f6d9548024eb

SHA1

0378936325dd0a19ac2547ad462017db60d9d315

SHA256

04e1a14639f9fd0903f21edd99b1cadc9267b0ac2f402863d6eb3acc4d48acf7

SHA512

cc9a2a0bcfbfd686b7be8487cc95eec046b30a46878cea40a457082478b5b6f00965b54d81cf4a3b7659fd087a27e0f0ad1c6f47cbbab7ff82f5b5bc3fb95876

Malware Config

Extracted

Family njrat
Version 0.7d
Botnet HacKed
C2 kanichnadia.duckdns.org:1979

Attributes
reg_key c9b81cdf127358c4e9ff59acf837f3c6
splitter |'|'|

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
