6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe

General
Target

6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe

Size

82KB

Sample

210916-q8pqmadef6

Score
10 /10
MD5

42f06a2dd04a0b84c019557cc07f0cb6

SHA1

9f8b00c0cefd6e80ed813ac25b55b57e1289c724

SHA256

6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998

SHA512

15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556

Malware Config

Extracted

Family njrat
Version 0.7 MultiHost
Botnet 000000
C2

karmina112.sytes.net,karmina115.sytes.net,burdun.dynu.net,burdun115.dynu.net,anunankis3.duckdns.org:1177

Attributes
reg_key
670b14728ad9902aecba32e22fa4f6bd
splitter
|'|'|
Targets
Target

6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe

MD5

42f06a2dd04a0b84c019557cc07f0cb6

Filesize

82KB

Score
10/10
SHA1

9f8b00c0cefd6e80ed813ac25b55b57e1289c724

SHA256

6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998

SHA512

15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10