Description
Widely used RAT written in .NET.
6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
General
Target
Size
Sample
6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
82KB
210916-rb4c7agddq
Score
10 /10
MD5
SHA1
SHA256
SHA512
42f06a2dd04a0b84c019557cc07f0cb6
9f8b00c0cefd6e80ed813ac25b55b57e1289c724
6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998
15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556
Malware Config
Extracted
| Family | njrat |
| Version | 0.7 MultiHost |
| Botnet | 000000 |
| C2 |
karmina112.sytes.net,karmina115.sytes.net,burdun.dynu.net,burdun115.dynu.net,anunankis3.duckdns.org:1177 |
| Attributes |
reg_key 670b14728ad9902aecba32e22fa4f6bd
splitter |'|'| |
Targets
Target
MD5
Filesize
6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
42f06a2dd04a0b84c019557cc07f0cb6
82KB
Score
10/10
SHA1
SHA256
SHA512
9f8b00c0cefd6e80ed813ac25b55b57e1289c724
6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998
15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556
Tags
Signatures
-
njRAT/Bladabindi
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Description
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Tags
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks