D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe

General

Target: D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe
Size: 93KB
Sample: 210916-wndqhsggdj
Score: 10/10
MD5: 6bce1d7caa5f71ca7d4620296fc9d775
SHA1: c4af16a65dbdb2a17fe4c3e4811d953c5d501808
SHA256: d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d
SHA512: 49a0cf6b7faa0fd314ac9fdf8813733e797c5d2c8182d47947e9af793ae6c926b1a58c7a9e3bacc1b661b72f9804214d848630c27eb26cc24b25d7f99aeb4408

Malware Config

Extracted

Family: njrat
Version: 0.7d
Botnet: HacKed
C2: OC50Y3Aubmdyb2suaW8Strik:MTUxMTQg

Attributes

reg_key: e482830431b4f84bd1e9ebb6982c8a62
splitter: |'|'|
Signatures

  • njRAT/Bladabindi
    Description: Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • xmrig
    Description: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • Executes dropped EXE

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

  • Drops startup file

  • Loads dropped DLL

  • Drops file in System32 directory
MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation