00FAAF68512770431F268AA1A1A26F8C589A3F53298DB.exe

General
Target

00FAAF68512770431F268AA1A1A26F8C589A3F53298DB.exe

Size

1MB

Sample

210917-m56yysfdd9

Score
10 /10
MD5

9d7d796646913b03fa10b8d0770ece41

SHA1

bb689e893dd764b3e55d0da1ddf91de2ef38b088

SHA256

00faaf68512770431f268aa1a1a26f8c589a3f53298db6311fd38f263fe0d474

SHA512

602f2ae98c32ad044deff1edfb9bd5b1d696269880962e6912d1c06b0c809e2ceea353ce854a666fcb917eb24c1d549caa048ad6482124fef10ddb95e70655d1

Malware Config

Extracted

Family njrat
Version 0.7d
Botnet Hacked By Mr.Franko
C2

frankohacker.strangled.net:5552

Attributes
reg_key
69bd721f047aceee1a553df23f737f3e
splitter
|'|'|
Targets
Target

00FAAF68512770431F268AA1A1A26F8C589A3F53298DB.exe

MD5

9d7d796646913b03fa10b8d0770ece41

Filesize

1MB

Score
10 /10
SHA1

bb689e893dd764b3e55d0da1ddf91de2ef38b088

SHA256

00faaf68512770431f268aa1a1a26f8c589a3f53298db6311fd38f263fe0d474

SHA512

602f2ae98c32ad044deff1edfb9bd5b1d696269880962e6912d1c06b0c809e2ceea353ce854a666fcb917eb24c1d549caa048ad6482124fef10ddb95e70655d1

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation